New Payload position: Insert
The Payload position field is to specify where each of the payloads defined in the profiles will be established. For example in a request:
GET /listproducts.php?cat=123456 HTTP/1.1
Host: testphp.vulnweb.com
Suppose that we have specified the Insertion point type is Param url (123456 value). If we have the '-alert(1)-' payload, the Payload position can be the following:
Replace:
GET /listproducts.php?cat='-alert(1)-' HTTP/1.1
Host: testphp.vulnweb.com
Append:
GET /listproducts.php?cat=123456'-alert(1)-' HTTP/1.1
Host: testphp.vulnweb.com
Insert:
GET /listproducts.php?cat=123'-alert(1)-'456 HTTP/1.1
Host: testphp.vulnweb.com
Below, you can see an example of how the new Payload Position would be: Insert
Request: