HTTP Header Injection

Applications sometimes store data taken from HTTP headers and later use that data in SQL queries, which makes SQL injection an obvious possibility. Headers such as User-Agent and X-Forwarded-For can be used to carry malicious SQLi payloads. If the data in HTTP headers is not sanitized before it reaches a query, SQL injection is possible.

Let's consider an application that stores User-Agent data in its database. What if we inject a malicious SQL query into the User-Agent header? We can do so with the following command.

curl -H "User-Agent: ' UNION SELECT username,password from user; #" "<URL>"

Here the # comments out the remainder of the original query string, so whatever the application appends after the injected value is ignored.
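The difference between concatenating the header into the query and binding it as a parameter, as an added example that is not code from the original page. It assumes a hypothetical `visits` table and lookup functions, and it runs on in-memory SQLite, so the constructed sample header uses `--` where the page's payload uses `#` (SQLite has no `#` comment).

```python
import sqlite3

# Constructed sample header value: the page's payload, with "--" in place of
# "#" because SQLite (used so this runs offline) does not treat "#" as a comment.
PAYLOAD_UA = "' UNION SELECT username,password FROM user; --"
NORMAL_UA = "curl/8.0"


def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user (username TEXT, password TEXT);
        CREATE TABLE visits (user_agent TEXT, path TEXT);
        INSERT INTO user VALUES ('admin', 'constructed-hash');
        INSERT INTO visits VALUES ('curl/8.0', '/index');
    """)
    return db


def lookup_vulnerable(db, user_agent):
    # The header value becomes part of the SQL text, so a quote inside it
    # ends the string literal and the rest is parsed as SQL.
    sql = "SELECT user_agent, path FROM visits WHERE user_agent = '%s'" % user_agent
    return db.execute(sql).fetchall()


def lookup_hardened(db, user_agent):
    # The header value is bound as a parameter: the query structure is fixed
    # before the value is seen, so it is only ever compared as data.
    sql = "SELECT user_agent, path FROM visits WHERE user_agent = ?"
    return db.execute(sql, (user_agent,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for name, fn in (("vulnerable", lookup_vulnerable), ("hardened", lookup_hardened)):
        print(name, "normal :", fn(db, NORMAL_UA))
        print(name, "payload:", fn(db, PAYLOAD_UA))
```

The same binding applies to any header the application reads, X-Forwarded-For included.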
