
SQL Injection through HTTP Headers

5 April 2013

Did you know that your Web application may be vulnerable to SQL injection attacks even through HTTP headers?

During a vulnerability assessment or penetration test, identifying the input vectors of the target application is an essential step. In Web application testing, checks for SQL injection flaws are sometimes restricted to GET and POST variables, as if they were the only input vectors. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters, and which vulnerability scanners should one use, to avoid leaving vulnerabilities undiscovered in parts of the application?

Check this post to learn more if you thought SQL injection attacks can only happen through GET or POST:
http://resources.infosecinstitute.com/sql-injection-http-headers/
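
As an added illustration (not code from this post or the linked article), the Python sketch below logs a request's User-Agent header into SQLite twice: once by string concatenation and once with a bound parameter. The table, function names, header values and the 512-character cap are all assumptions constructed for this example.

```python
import sqlite3

# Constructed sample header values (not from the original article).
BENIGN_UA = "Mozilla/5.0 (O'Brien build)"  # a stray apostrophe is enough to matter
CRAFTED_UA = "x', 1) --"                    # closes the string, supplies its own column value

def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (user_agent TEXT, trusted INTEGER)")
    return db

def log_visit_vulnerable(db, headers):
    # Weak: the header value becomes part of the SQL text.
    ua = headers.get("User-Agent", "")
    db.execute(f"INSERT INTO visits (user_agent, trusted) VALUES ('{ua}', 0)")

def log_visit_safe(db, headers):
    # Hardened: the header value is bound as data and never parsed as SQL.
    ua = headers.get("User-Agent", "")[:512]  # length cap is an assumed policy
    db.execute("INSERT INTO visits (user_agent, trusted) VALUES (?, 0)", (ua,))

def rows(db):
    return db.execute("SELECT user_agent, trusted FROM visits").fetchall()

def compare(user_agent):
    """Log one request through both code paths and return what each stored."""
    headers = {"Host": "app.example", "User-Agent": user_agent}
    out = {}
    for name, fn in (("vulnerable", log_visit_vulnerable), ("safe", log_visit_safe)):
        db = new_db()
        try:
            fn(db, headers)
            out[name] = rows(db)
        except sqlite3.OperationalError as exc:
            out[name] = f"SQL error: {exc}"
    return out

if __name__ == "__main__":
    for ua in (BENIGN_UA, CRAFTED_UA):
        print(repr(ua), compare(ua))
```

In the concatenated path the header text decides the value of the `trusted` column or breaks the statement outright; in the parameterized path both values are stored verbatim with `trusted` left at 0.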
