How to exploit SQL Injections using Burp Suite

Databases are often vulnerable to SQL injection, which interferes with the SQL queries sent to the database. It is always recommended to exploit the vulnerability, and a reliable tool for doing so is “Burp Suite”.

Let’s go through the steps to exploit SQL injection using Burp.

Step 1. Create your account on Burp Suite and configure it correctly with your browser.

On the dashboard, make sure “Intercept is off” is shown in the Proxy “Intercept” tab.

Step 2. Now, open the website where you want to detect the vulnerability.

Move back to the Burp tab and enable “Intercept is on”.

Send a request to the server by refreshing the webpage.

The Proxy “Intercept” tab will capture the request.

Step 3. Capture the request. Right-click anywhere and click “Send to Repeater”, then enter the payload and check the response in Burp Suite.

For instance, we exploit the “credit card” parameter in the URL.

The “credit card” parameter will reveal all the details about the person with the selected number in the table.

Step 4. You can see the response in the “Response” panel on the right side of your screen.

Another way is to right-click on the screen and click “Show response in browser”.

It is clearly visible that the “credit card” details of the users are being attacked.

These are a few simple steps to detect SQL injection in the database. However, massive data leak incidents keep coming to notice, so it’s always better to take preventive measures to protect your confidential data from any unauthorized access. This way companies can ultimately be guarded from huge losses.
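One such preventive measure is a parameterized query. The sketch below is an added example, not part of the original post: it compares a string-built lookup for a “credit card” parameter with a bound-parameter one and shows how each reacts to a malformed value. The `cards` table, the function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (not real card data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (holder TEXT, number TEXT)")
    db.executemany("INSERT INTO cards VALUES (?, ?)",
                   [("alice", "4111111111111111"), ("bob", "5500000000000004")])
    return db

def lookup_concatenated(db, number):
    # Weak form: the request value is pasted into the SQL text, so a quote
    # inside it is parsed as SQL syntax instead of as part of the value.
    sql = "SELECT holder, number FROM cards WHERE number = '" + number + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, number):
    # Hardened form: the SQL text is constant and the value is bound with ?,
    # so the driver hands it to the engine purely as data.
    sql = "SELECT holder, number FROM cards WHERE number = ?"
    return db.execute(sql, (number,)).fetchall()

def reaches_sql_parser(lookup, db, value):
    """True if the value changed the statement enough to raise a SQL error,
    the same symptom a tester looks for in the Repeater response."""
    try:
        lookup(db, value)
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    malformed = "4111111111111111'"  # constructed input: valid number plus a stray quote
    for fn in (lookup_concatenated, lookup_parameterized):
        print(fn.__name__, "valid ->", fn(db, "4111111111111111"))
        print(fn.__name__, "SQL error on stray quote ->",
              reaches_sql_parser(fn, db, malformed))
```

With the bound parameter the malformed value simply matches no row, while the string-built query hands it to the SQL parser and fails.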

Be careful!!
