Step by Step on how to find vulnerabilities in a web page in 10 minutes

Today I will show you how to find vulnerabilities in web pages through error messages in a very short time.

What’s an Error Message

Error messages are notifications displayed on a web page for many reasons, among them a misconfiguration of the web server or its applications. They can reveal very important information to an adversary who wants to take control of a system.
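The leak described above and its fix, as an added example that is not code from the original post. In-memory SQLite stands in for the MariaDB backend, and the products table, handler names and marker list are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for MariaDB.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)", [(1, "lamp"), (2, "desk")])
    return db

def vulnerable_handler(db, raw_id):
    """Before: concatenates the parameter and echoes the driver error."""
    try:
        row = db.execute("SELECT name FROM products WHERE id = " + raw_id).fetchone()
        return (200, row[0]) if row else (404, "not found")
    except sqlite3.Error as exc:
        return 500, f"Database error: {exc}"  # parser detail reaches the client

def hardened_handler(db, raw_id, log):
    """After: validate, bind the value, keep error detail server-side."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return 400, "invalid id"
    try:
        row = db.execute("SELECT name FROM products WHERE id = ?", (int(raw_id),)).fetchone()
        return (200, row[0]) if row else (404, "not found")
    except sqlite3.Error as exc:
        log.append(repr(exc))  # detail goes to the server log only
        return 500, "internal error"

# Substrings of database error text to check response bodies for (assumed list,
# not exhaustive): SQLite wording plus the MariaDB/MySQL syntax-error wording.
ERROR_MARKERS = ("unrecognized token", "syntax error",
                 "you have an error in your sql syntax")

def leaks_db_error(body):
    """Regression check: True if a response body contains database error text."""
    low = body.lower()
    return any(marker in low for marker in ERROR_MARKERS)

if __name__ == "__main__":
    db, log = make_db(), []
    for value in ("1", "1'"):  # constructed inputs: valid id, id with stray quote
        for name, result in (("vulnerable", vulnerable_handler(db, value)),
                             ("hardened", hardened_handler(db, value, log))):
            print(name, repr(value), result, "leak:", leaks_db_error(result[1]))
```

A check like `leaks_db_error` can run in a test suite against every error path, so a verbose database message never ships in a response body.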

Target

The first thing to do is look for some vulnerable parameters on my website (<targetdomain.com>) with the help of Google Dork. The syntax is the following: “inurl:<SearchVulnerablePHPScript> site:<TargetDomain>”.

Google Dork search

In this search, we found 10 possible URLs for the potentially vulnerable target.

Now I will save the results from the Google home page in a .html file and use grep to extract the URLs, and use sort to remove duplicate lines.

Results obtained

Check parameters

Now I will use some SQL payloads to find out if the parameter is injectable. We copy a random URL from the previous results and enter it in the address bar of our browser. Then we add our payload as the value of the possibly vulnerable parameter.

Error Message

Send attack

I’ll use sqlmap to try to enumerate their database. This server uses MariaDB as its DBMS.

sqlmap attack
Database

As you can see, sqlmap was able to enumerate the web server (Apache) databases, using some parameters (--level and --risk) and modules like between to bypass the WAF. Thank you for reading 🙂
