
SQLi Exploitation

Discover SQL Injection vulnerabilities in web applications.

Access SQLi Exploitation via the Navigation Menu

note

Users can start a scan from the "VAPT Tools" navigation menu. Click the "VAPT Tools" menu to show the available tools, then click the SQLi Exploitation tool.

To scan using SQLi Exploitation, users can follow these steps.

  1. Enter the task name in the Task Name textbox
  2. Input the target value in the form of domain/URL/IPs
  3. Select one of the scan options: Domain, Direct, or Request
    • If the user selects Domain, fill in only the target value in the form of a domain
    • If the user selects Direct, a path field will appear
    • If the user selects Request, a request field (required) and a parameters field (optional) will appear
  4. Tick the checkbox to agree to the Terms of Service
  5. Click the Apply button to start the scan

Access SQLi Exploitation Via Targets Page

note

The selected target will be scanned with the available tools. Select the SQLi Exploitation tool.

To scan using SQLi Exploitation, users can follow these steps.

  1. Enter the task name in the Task Name textbox
  2. Select one of the scan options: Domain, Direct, or Request
    • If the user selects Domain, fill in only the target value in the form of a domain
    • If the user selects Direct, a path field will appear
    • If the user selects Request, a request field (required) and a parameters field (optional) will appear
  3. Tick the checkbox to agree to the Terms of Service
  4. Click the Start Scan button to start the scan, or click Cancel to cancel

Running an Authenticated Scan with API Scanner

Users can follow these steps.

  1. After enabling the authentication feature

  2. Enter the Login Form URL, the authentication endpoint that issues tokens (e.g., https://loginapi.vulnapp.id/tokens)

  3. Enter the Login Request Payload, the login request body in the format the API expects (commonly JSON). Example JSON: {"username":"user1","password":"pass1"}

    note

    Helium does not store any data/credentials for this feature; requests are handled in real time.

  4. Enter the Auth Token Location, the location of the token in the login response using dot notation for nested fields (e.g., access.token.id)

  5. Enter the Auth Header Name, the HTTP header the scanner will use to send the token (e.g., X-Auth-Token or Authorization)

  6. Enter the Auth Prefix (optional), a prefix to include before the token if required (e.g., Bearer: token)

  7. Check the box "I am authorized to scan this target and I agree to the Terms of Service."

  8. Click the APPLY button to start the authenticated scan

    note

    If the scan was run using an authenticated session, you will be required to re-enter your authentication credentials before a database dump can be performed.
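
How the Auth Token Location, Auth Header Name and Auth Prefix fields relate to a login response, as an added example (not Helium's code): it resolves a dot-notation location in a parsed response and builds the resulting header, so a wrong location can be caught before starting a scan. The function names, the sample response, and joining prefix and token with a single space are assumptions.

```python
import json

# Constructed sample login response; the token value is a placeholder.
SAMPLE_LOGIN_RESPONSE = '{"access": {"token": {"id": "CONSTRUCTED-TOKEN-123", "expires_in": 3600}}}'


def resolve_token(login_response, location):
    """Walk a dot-notation Auth Token Location through a parsed login response."""
    node, walked = login_response, []
    for key in location.split("."):
        walked.append(key)
        if not isinstance(node, dict) or key not in node:
            raise KeyError("'%s' not found in login response" % ".".join(walked))
        node = node[key]
    # A path that stops on an object or number means the location is too short or wrong.
    if not isinstance(node, str) or not node:
        raise ValueError("'%s' is not a non-empty string token" % location)
    return node


def build_auth_header(login_body, token_location, header_name, prefix=""):
    """Return the header a scanner would send, given the form fields above."""
    token = resolve_token(json.loads(login_body), token_location)
    prefix = prefix.strip()
    # Assumption: prefix and token are joined with a single space.
    value = "%s %s" % (prefix, token) if prefix else token
    return {header_name: value}


if __name__ == "__main__":
    print(build_auth_header(SAMPLE_LOGIN_RESPONSE, "access.token.id", "X-Auth-Token"))
    print(build_auth_header(SAMPLE_LOGIN_RESPONSE, "access.token.id", "Authorization", "Bearer"))
    for bad in ("access.token", "access.tokens.id"):
        try:
            build_auth_header(SAMPLE_LOGIN_RESPONSE, bad, "X-Auth-Token")
        except (KeyError, ValueError) as err:
            print("rejected %r: %s" % (bad, err))
```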