Second-order SQL injection
Second-order SQL injection works differently: one page in the web application takes the malicious user input, and some other function on some other page, or in some other application, later retrieves this stored content and parses it as part of a query. Automated scanners are unable to detect such issues. However, Burp implements logic that helps an attacker find second-order SQL injection vulnerabilities.
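The store-then-reuse flow described above, with the vulnerable second query beside its parameterized fix, as an added example that is not from the original page. The table, function names and sample values are assumptions, and an in-memory SQLite database stands in for the application's database.

```python
import sqlite3

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    return db

def register(db, name, password):
    # First page: the input is stored with bound parameters, so this
    # request succeeds and the quote characters land in the table unchanged.
    db.execute("INSERT INTO users VALUES (?, ?)", (name, password))

def stored_name(db, session_name):
    # A later function re-reads the value and treats it as trusted data.
    row = db.execute("SELECT name FROM users WHERE name = ?", (session_name,)).fetchone()
    return row[0]

def change_password_vulnerable(db, session_name, new_password):
    name = stored_name(db, session_name)
    # The stored value is concatenated into SQL and parsed as part of the query.
    db.execute("UPDATE users SET password = '%s' WHERE name = '%s'" % (new_password, name))

def change_password_fixed(db, session_name, new_password):
    name = stored_name(db, session_name)
    # Bound parameters keep database-sourced values as data, too.
    db.execute("UPDATE users SET password = ? WHERE name = ?", (new_password, name))

def demo(change_password):
    db = new_db()
    register(db, "admin", "admin-secret")   # constructed sample account
    register(db, "admin'--", "x")           # constructed sample input
    change_password(db, "admin'--", "changed")
    return dict(db.execute("SELECT name, password FROM users").fetchall())

if __name__ == "__main__":
    print("vulnerable:", demo(change_password_vulnerable))
    print("fixed:     ", demo(change_password_fixed))
```

In the vulnerable run the update lands on the `admin` row instead of the row that requested it; in the fixed run only the requesting row changes. Values read back from the database need the same parameter binding as values taken directly from a request.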