New Payload position: Insert

The Payload position field specifies where each payload defined in a profile is placed relative to the original value at the insertion point. For example, take this request:

     GET /listproducts.php?cat=123456 HTTP/1.1
     Host: testphp.vulnweb.com

Suppose the Insertion point type is Param url (the value 123456). With the payload '-alert(1)-', the Payload position options produce the following requests:

Replace:

     GET /listproducts.php?cat='-alert(1)-' HTTP/1.1
     Host: testphp.vulnweb.com

Append:

     GET /listproducts.php?cat=123456'-alert(1)-' HTTP/1.1
     Host: testphp.vulnweb.com

Insert:

     GET /listproducts.php?cat=123'-alert(1)-'456 HTTP/1.1
     Host: testphp.vulnweb.com
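The three positions applied to the request line above, as an added example (not the scanner's own code). The function names are hypothetical, and splitting the original value at its midpoint for Insert is an assumption that matches the 123/456 split shown here but is not stated by the page.

```python
def place_payload(value, payload, position, offset=None):
    """Return the parameter value after applying one Payload position."""
    if position == "replace":
        return payload                      # original value is discarded
    if position == "append":
        return value + payload              # original value kept as prefix
    if position == "insert":
        # Assumption: cut at the midpoint unless an explicit offset is given.
        cut = len(value) // 2 if offset is None else offset
        if not 0 <= cut <= len(value):
            raise ValueError("offset outside the original value")
        return value[:cut] + payload + value[cut:]
    raise ValueError("unknown payload position: " + position)


def build_request_line(request_line, param, payload, position):
    """Rewrite one URL parameter in an HTTP request line.

    The payload is written unencoded, as in the requests shown above, and
    every other parameter is passed through byte for byte.
    """
    method, target, version = request_line.split(" ", 2)
    path, _, query = target.partition("?")
    rebuilt, found = [], False
    for item in query.split("&"):
        name, sep, value = item.partition("=")
        if name == param and not found:     # only the first match is an insertion point
            value = place_payload(value, payload, position)
            found = True
        rebuilt.append(name + sep + value)
    if not found:
        raise KeyError(param)
    return "{} {}?{} {}".format(method, path, "&".join(rebuilt), version)


if __name__ == "__main__":
    # Request line and payload taken from the page.
    line = "GET /listproducts.php?cat=123456 HTTP/1.1"
    for pos in ("replace", "append", "insert"):
        print(pos.ljust(8), build_request_line(line, "cat", "'-alert(1)-'", pos))
```
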

Below is an example of the new Payload position, Insert:

Request:
