SQL Injection through HTTP Headers
Did you know that your Web application may be vulnerable to SQL Injection attacks even through HTTP Headers.
During vulnerability assessment or penetration testing, identifying the input vectors of the target application is a primordial step. Sometimes, when dealing with Web application testing, verification routines related to SQL injection flaws discovery are restricted to the GET and POST variables as the unique inputs vectors ever. What about other HTTP header parameters? Aren’t they potential input vectors for SQL injection attacks? How can one test all these HTTP parameters and which vulnerability scanners to use in order to avoid leaving vulnerabilities undiscovered in parts of the application?
Check this post to learn more if you thought SQL Injection attacks can only happen though GET or POST