Injection Vulnerabilities

Question 1

What should you attempt to fuzz when looking for injection points?

Answer 1

You should attempt all inputs. Also URL query parameters and headers.

Question 2

Why is it important to know details about the API when performing fuzzing?

Answer 2

Because knowing the operating system, programming language, frameworks and other tools that are being used is useful to send the right fuzzing payloads to cause an unintended response.

Question 3

What are SQL metacharacters?

Answer 3

They are characters that are treated as a function by SQL.

Question 4

A form does not perform any kind of input validation in the username field. By interacting with it, you were able to get a verbose response that gave away the complete SQL query:
SELECT * FROM userdb WHERE username = ‘hAPI_hacker’ AND password = ‘Password1!’
How could you exploit this using SQL injection?

Answer 4

Insert on the username field the following string:
hAPI_hacker’ OR ‘1=1’ – -
This value would close the single quote for the username, make the query result to be always true and use the single line comment metacharacter to remove the password verification.

Question 5

What is the act of fuzzing an API?

Answer 5

It’s the process of sending various types of input to an endpoint to cause an unintended response.

Question 6

What does a fuzzing payload usually include?

Answer 6

Anything that could cause an unintended response, something that the API is not programed to handle, like symbols, numbers, system commands, SQL queries, boolean operators, etc.

Question 7

What do you expect when fuzzing an API?

Answer 7

Any unintended response or behavior.

Question 8

Which tool is ideal for fuzzing across an entire API?

Answer 8

Postman Collection Runner

Question 9

Which tools are ideal for fuzzing deep into an individual request?

Answer 9

WFuzz and BurpSuite intruder