The URL that we will be analyzing is www.dhl.com. This is the international page, but if you look at the regional websites, they are similar, so it is possible that a vulnerability in one of them is replicated in the others. This happens to a lot of companies that have operations in various countries. Actually, sometimes the company has a different representation in a different country, but the web application is the same.
To determine whether dhl.com has an SQL injection, we will do three different analyses:
- Automatic scan
- SQLMap detection
- Intruder detection
The simplest way to detect vulnerabilities such as SQL injections is by using Burp Suite's scanner:
- To launch the scan, open Burp Suite, go to the main Dashboard, and click on New scan.
There is an option that we did not explore previously, which is used to control the scope during a scan. Imagine that your scope is not all of the DHL website—it is just www.dhl.com, but there are other applications, such...