Hands-On Application Penetration Testing with Burp Suite

Second-order SQL injection

Second-order SQL injection works differently: one page in the web application accepts the malicious user input, and some other function on some other page, or in some other application, retrieves this malicious content and parses it as part of a query. Automated scanners are unable to detect such issues. However, Burp implements logic that helps an attacker find second-order SQL injection vulnerabilities.