add SQLi in WS

xanhacks · Feb 19, 2023 · 1e5acf1 · 1e5acf1
1 parent 0953e86
commit 1e5acf1
Showing 1 changed file with 11 additions and 1 deletion.
diff --git a/docs/web/sql-injection.md b/docs/web/sql-injection.md
@@ -70,4 +70,14 @@ Use `--vertical` to enable the vertical format or ending query with `\G`, exampl
 	Info: {"Population": 1608144}
 ```
 
-> Source [dev.mysql.com](https://dev.mysql.com/doc/mysql-shell/8.0/en/mysql-shell-output-vertical.html).
+> Source [dev.mysql.com](https://dev.mysql.com/doc/mysql-shell/8.0/en/mysql-shell-output-vertical.html).
+
+### SQL Injection in Websockets
+
+Example of command using SQLmap :
+
+```
+$ sqlmap -u "ws://soc-player.soccer.htb:9091" --data='{"id":"57636*"}'
+```
+
+Another way would be to use an HTTP server as proxy: https://rayhan0x01.github.io/ctf/2021/04/02/blind-sqli-over-websocket-automation.html