Page 93 - Hands-On Bug Hunting for Penetration Testers
SQL, Code Injection, and Scanners Chapter 5
Once sqlmap runs through its range of test inputs, it will ask whether you want to
target other parameters. Once you've run through all the parameters passed in the
targeted URL, sqlmap will print out a report of all the vulnerabilities discovered:
Success! There are a few vulnerabilities related to the id parameter, including a pair of
blind SQLi vulnerabilities (where the results of the injection are not directly visible in the
GUI) and error- and UNION-based inputs, all confirmed by the documentation on
webscantest.com.
Trawling for Bugs - Using Google Dorks and
Python for SQLi Discovery
Using sqlmap requires a URL to target, one that will contain testable parameters. This
next technique can be used to target specific applications and form inputs, like sqlmap
does, or to simply return a list of sites susceptible to SQLi vulnerabilities.

