It all depends on the database used on the backend. Thats why it is normally a good habit to have several txt files with different payloads. Scripts like this can also be tweeked for different cases. Or you can make several scripts. One for sql, nosql, or what ever you come across. The key is learning the differences and building a tools that can work with the different types.
Intrusuon Detection System. I use suricata on my web site. I had a big problem with spray and pray ssh login attempts. After setting it up and adding a rule to drop ssh connects, and adding a ufw rule to only allow ssh logins from the ip address of a mchine I control. The ssh brute forcing has been stopped and isnt taking up resources on my server or clogging up my SIEM logs.
So instructive. Thanks for your channel!
Does this attack work with Microsoft sites? The normal Ms query has brackets which would cause the query to fail.
It all depends on the database used on the backend. Thats why it is normally a good habit to have several txt files with different payloads.
Scripts like this can also be tweeked for different cases. Or you can make several scripts. One for sql, nosql, or what ever you come across. The key is learning the differences and building a tools that can work with the different types.
Any ways to protect my site from this?
Input validation and an IDS like Suricata would go a long way to help.
@@gand0rfTRZ what is ids?
Intrusuon Detection System. I use suricata on my web site. I had a big problem with spray and pray ssh login attempts. After setting it up and adding a rule to drop ssh connects, and adding a ufw rule to only allow ssh logins from the ip address of a mchine I control. The ssh brute forcing has been stopped and isnt taking up resources on my server or clogging up my SIEM logs.