Whenever I find a SQL injection vulnerability I always throw sqlmap at the injection point. It’s a simple, easy to use tools that will not only prove the vulnerability but allow you to extract data, gain command execution, and generally push further on with your penetration test. If I come across a filter or a web application firewall then I’ll habitually break out Burp Suite and start working on filter evasion manually, however there’s often a simpler way.
HTTP Header Injection vulnerabilities occur when user input is insecurely included within server responses headers. Specifically they are based around the idea that an attacker can cause the server to generate a response which includes carriage-return and line-feed characters (or %0D and %0A respectively in their URI encoded forms) within the server response header the attacker may be able to add crafted headers themselves. Header Injection can allow for attacks such as response splitting, session fixation, cross-site scripting, and malicious redirection.
I posted a while ago on the very basics of SQL Injection. Then after than I did a complete breakdown of the manual exploitation of SQL Injection. Armed with that post and a cheatsheet or two, you should be able to get knee deep in almost any injection point. However, the truth is that often these injection points can be exploited using free, publicly available tools such as SQLmap! SQL injection can be a time consuming thing to exploit, especially when it comes to blind or out-of-band injection! So why not take the path of least resistance and automate wherever you can.
There are a couple of sites out there which will take a look at the configuration of your site and give pointers as to where you can tighten up your configuration, pointing out if you’re missing headers such as Content-Security-Policy, X-Frame-Options or X-XSS-Protection.
If you run a WordPress Blog there’s a quick way of adding and removing headers – you can do it within the WordPress Admin interface, with the Appearance Editor: