It has been a long time since my last write-up. in this short write up I wanna share my last year's findings about SQL Injection that I found in the custom HTTP header request. So, I was doing my API…

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

SQL Injection in The HTTP Custom Header has been a long time since my last write-up. After successful login, the request has one more HTTP header in the request, User header, and the value is a username that login to the application. Now, I try to change the username for IDOR possibility but the server validates it.