SQLinjection with XSS

My report in tomorrow. If you find SQL injection, with union stament, you can force web application print result. Ex: union 1,2,3,4,5 -> You can see 2 3 4 5 number. Replace 2 with 'namhb', you can see namhb. So, you can exploit XSS in SQL injection.
Now, you can insert javascript, instead: alert(/namhb/) (in script tag). Buzz, new dialog.
Finish, have got many script, you can use sqli,js.
See demo:

Thanks for reading
Security Research
All my Lab:
Linux Lab -- window and Cisco Lab
to be continued - I will update more.


Popular posts from this blog

Python - Multithread to read one file

An toàn thông tin ứng dụng Web

OpenCA tutorial