SQL Injection Attacks Using OWASP Zap Fuzzer

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve.
In this video we're going to attack OWASP Mutillidae using Zap Proxy Fuzzer.
Links
owasp.org/www-project-mutilli...
OWASP Zap
www.zaproxy.org
#owasp #sqlinjection #cybersecurity #applicationsecurity

Comments: 16

  • @chidaruma_ (1 year ago)

    Nice to see some content of real value on yt

  • @thetesttherapist (1 year ago)

    Thank you!

  • @KhalifamulyadiAbdulbari (1 month ago)

    nice lesson thank you

  • @thetesttherapist (1 month ago)

    Thank you :)

  • @berchil (1 year ago)

    thank you

  • @thetesttherapist (1 year ago)

    Welcome!

  • @velliangirimurugesh (1 year ago)

    Nicely explained. Please help us to learn more functionality in OWASP.

  • @thetesttherapist (1 year ago)

    Thank you :)

  • @dahuynguyenphuc6586 (3 months ago)

    I just used OWASP ZAP to check the website and there is an "Alerts" section. I want to get data directly from it, what should I do?

  • @thetesttherapist (3 months ago)

    If by data you mean extract a report, here is how you can generate a report 👇 From the Report menu, select Generate Report.

  • @Joud3011 (2 months ago)

    How do I get the page that you enter the username in?

  • @devil1238100 (3 months ago)

    Hey, how do I add the FuzzDB Files add-on from the marketplace? I can see that FuzzDB Files is available in the marketplace, but I am not able to add this add-on. Can you help me out in adding it?

  • @thetesttherapist (3 months ago)

    Hey, if you are using ZAP on Windows, sometimes it sees the FuzzDB files as a virus. Try to add “FuzzDB Offensive” from the marketplace; it should do the same job. Good luck!

  • @devil1238100 (3 months ago)

    @thetesttherapist Thanks for the quick response. I have one more query: when I try to start the Fuzzer it says "Some Fuzz locations do not have any payload set. At least one payload must be added to start the fuzzer". I have added a payload using the Payloads option, but I can still see this warning. How do I resolve this?

  • @chancellenawej6605 (8 months ago)

    Can you do it with LDAP injection too?

  • @thetesttherapist (8 months ago)

    You can find LDAP injection under JBroFuzz.