https://appsec.fyi/sqli.html Curated SQLi resources from appsec.fyi en-us Sun, 12 Apr 2026 04:12:19 +0000 carl@chs.us (Carl Sampson) https://udayshelke17-40981.medium.com/sql-injection-in-2026-yes-and-it-took-one-apostrophe-39fed99c4ce3 https://udayshelke17-40981.medium.com/sql-injection-in-2026-yes-and-it-took-one-apostrophe-39fed99c4ce3 SQL Injection in 2026: It Took One Apostrophe SQLi Fri, 10 Apr 2026 01:56:00 +0000 https://www.ethicalhackinginstitute.com/blog/how-to-learn-sql-injection-step-by-step-for-ceh https://www.ethicalhackinginstitute.com/blog/how-to-learn-sql-injection-step-by-step-for-ceh How to Learn SQL Injection Step by Step SQLi Fri, 10 Apr 2026 01:55:59 +0000 https://gauravsingh-cybersecurity.github.io/blog/2025/01/15/advanced-sql-injection-techniques.html https://gauravsingh-cybersecurity.github.io/blog/2025/01/15/advanced-sql-injection-techniques.html Advanced SQL Injection Techniques in Modern Web Apps SQLi Fri, 10 Apr 2026 01:55:58 +0000 https://dl.acm.org/doi/pdf/10.1145/3788286 https://dl.acm.org/doi/pdf/10.1145/3788286 Bypassing WAF with Adversarial SQL SQLi Fri, 10 Apr 2026 01:55:57 +0000 https://www.picussecurity.com/resource/blog/waf-bypass-using-json-based-sql-injection-attacks https://www.picussecurity.com/resource/blog/waf-bypass-using-json-based-sql-injection-attacks WAF Bypass Using JSON-Based SQL Injection Attacks SQLi Fri, 10 Apr 2026 01:55:57 +0000 https://www.cvedetails.com/vulnerability-list/opsqli-1/sql-injection.html https://www.cvedetails.com/vulnerability-list/opsqli-1/sql-injection.html SQL Injection Security Vulnerabilities SQLi Fri, 10 Apr 2026 01:43:31 +0000 https://www.cve.org/CVERecord/SearchResults?query=sql+injection https://www.cve.org/CVERecord/SearchResults?query=sql+injection CVE Search: SQL Injection SQLi Fri, 10 Apr 2026 01:43:30 +0000 https://owasp.org/www-community/attacks/SQL_Injection https://owasp.org/www-community/attacks/SQL_Injection SQL Injection - OWASP SQLi Fri, 10 Apr 2026 01:43:28 +0000 https://portswigger.net/web-security/sql-injection https://portswigger.net/web-security/sql-injection SQL Injection Tutorial & Examples - PortSwigger SQLi Fri, 10 Apr 2026 01:43:27 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-26116/ https://www.sentinelone.com/vulnerability-database/cve-2026-26116/ CVE-2026-26116: SQL Server SQL Injection SQLi Fri, 10 Apr 2026 01:43:26 +0000 https://broadchannel.org/sql-injection-database-exploitation-guide/ https://broadchannel.org/sql-injection-database-exploitation-guide/ SQL Injection 2025 Advanced Exploitation & Defense Guide SQLi Fri, 10 Apr 2026 01:43:26 +0000 https://socprime.com/blog/cve-2025-25257-sql-injection-vulnerability/ https://socprime.com/blog/cve-2025-25257-sql-injection-vulnerability/ CVE-2025-25257: Critical SQLi in Fortinet FortiWeb SQLi Fri, 10 Apr 2026 01:43:25 +0000 https://secportal.io/vulnerabilities/sql-injection https://secportal.io/vulnerabilities/sql-injection SQL Injection (SQLi) Guide - SecPortal SQLi Mon, 06 Apr 2026 02:01:59 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-27697/ https://www.sentinelone.com/vulnerability-database/cve-2026-27697/ CVE-2026-27697: Basercms SQLi Vulnerability SQLi Mon, 06 Apr 2026 02:01:58 +0000 https://www.sentinelone.com/vulnerability-database/cve-2026-5197/ https://www.sentinelone.com/vulnerability-database/cve-2026-5197/ CVE-2026-5197: Student Membership System SQLi Vulnerability SQLi Mon, 06 Apr 2026 02:01:57 +0000 https://www.picussecurity.com/resource/blog/waf-testing-guide-how-to-validate-web-application-firewalls-with-bas https://www.picussecurity.com/resource/blog/waf-testing-guide-how-to-validate-web-application-firewalls-with-bas WAF Testing Guide: How to Validate Web Application Firewalls SQLi Mon, 06 Apr 2026 02:01:55 +0000 https://infosecwriteups.com/bug-bounty-bootcamp-29-boolean-blind-sql-injection-part-2-extracting-usernames-and-passwords-13447abeb6d6 https://infosecwriteups.com/bug-bounty-bootcamp-29-boolean-blind-sql-injection-part-2-extracting-usernames-and-passwords-13447abeb6d6 Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2 SQLi Mon, 06 Apr 2026 02:01:54 +0000 https://www.securityscientist.net/blog/12-questions-and-answers-about-insecure-deserialization-code-flaw/ https://www.securityscientist.net/blog/12-questions-and-answers-about-insecure-deserialization-code-flaw/ 12 Questions and Answers About Insecure Deserialization SQLi Fri, 03 Apr 2026 15:55:54 +0000 https://www.ethicalhackinginstitute.com/blog/how-to-perform-sql-injection-in-web-apps-for-ceh https://www.ethicalhackinginstitute.com/blog/how-to-perform-sql-injection-in-web-apps-for-ceh How to Perform SQL Injection in Web Apps SQLi Fri, 03 Apr 2026 15:55:53 +0000 https://www.fortinet.com/resources/cyberglossary/sql-injection https://www.fortinet.com/resources/cyberglossary/sql-injection What is SQL Injection? How to Prevent SQL Injection | Fortinet SQLi Fri, 03 Apr 2026 15:55:52 +0000 https://medium.com/@gasmask/bypassing-wafs-in-2025-new-techniques-and-evasion-tactics-fdb3508e6b46 https://medium.com/@gasmask/bypassing-wafs-in-2025-new-techniques-and-evasion-tactics-fdb3508e6b46 Bypassing WAFs in 2025: New Techniques and Evasion Tactics SQLi Fri, 03 Apr 2026 15:55:50 +0000 https://www.sentinelone.com/cybersecurity-101/cybersecurity/types-of-sql-injection/ https://www.sentinelone.com/cybersecurity-101/cybersecurity/types-of-sql-injection/ 7 Types of SQL Injection Attacks & How to Prevent Them SQLi Fri, 03 Apr 2026 15:55:48 +0000 https://github.com/shehrozmajeed/SQLi_Payload https://github.com/shehrozmajeed/SQLi_Payload SQLi Payloads - Classic, Blind, Error-Based, Time-Based, WAF Bypass SQLi Fri, 03 Apr 2026 15:55:47 +0000 https://www.yeswehack.com/learn-bug-bounty/vulnerability-vectors-sql-injection https://www.yeswehack.com/learn-bug-bounty/vulnerability-vectors-sql-injection SQL Injection for Bug Bounty Hunters | YesWeHack SQLi Fri, 03 Apr 2026 15:55:45 +0000 https://www.vaadata.com/blog/exploiting-an-sql-injection-with-waf-bypass/ https://www.vaadata.com/blog/exploiting-an-sql-injection-with-waf-bypass/ Exploiting an SQL Injection with WAF Bypass SQLi Fri, 03 Apr 2026 15:55:44 +0000 https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF SQL Injection Bypassing WAF | OWASP SQLi Fri, 03 Apr 2026 15:55:43 +0000 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/README.md https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/README.md PayloadsAllTheThings - SQL Injection SQLi Fri, 03 Apr 2026 15:55:42 +0000 https://trinetlayer.com/homepage https://trinetlayer.com/homepage A battle-tested TrinetLayer for vulnerability research, real-world exploit payloads, and modern attack techniques — crafted by hackers, trusted by hackers. SQLi Mon, 19 Jan 2026 00:15:28 +0000 https://www.kitploit.com/2023/09/nucleifuzzer-powerful-automation-tool.html?m=1 https://www.kitploit.com/2023/09/nucleifuzzer-powerful-automation-tool.html?m=1 "NucleiFuzzer is an automation tool designed for detecting vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated security testing." SQLi Thu, 14 Aug 2025 04:11:12 +0000 https://weekly.infosecwriteups.com/iw-weekly-39-10-000-bounty-zero-click-account-takeover-stored-xss-open-redirection-vulnerability-sql-injection-rce-reconnaissance-techniques-and-much-more/ https://weekly.infosecwriteups.com/iw-weekly-39-10-000-bounty-zero-click-account-takeover-stored-xss-open-redirection-vulnerability-sql-injection-rce-reconnaissance-techniques-and-much-more/ The content discusses various cybersecurity topics covered in the IW Weekly 39, including a $10,000 bounty for zero-click account takeover, stored XSS, open redirection vulnerability, SQL injection, RCE, and reconnaissance techniques. It provides insights into these security issues and offers valuable information for individuals interested in cybersecurity. SQLi Thu, 14 Aug 2025 04:11:08 +0000 https://github.com/yeswehack/vulnerable-code-snippets https://github.com/yeswehack/vulnerable-code-snippets The provided link leads to a GitHub repository named "vulnerable-code-snippets" by YesWeHack. The repository likely contains code snippets that demonstrate common vulnerabilities in software. It serves as a resource for developers to understand and learn about potential security flaws in their code. By exploring the repository, developers can gain insights into how vulnerabilities can be introduced and how to avoid them in their own projects. SQLi Thu, 14 Aug 2025 04:11:08 +0000 https://sqlwiki.netspi.com/ https://sqlwiki.netspi.com/ The content provided is simply the title "SQL Injection Wiki." It appears to be a reference to a wiki page or resource specifically focused on SQL injection. SQL injection is a common cyber attack method where malicious SQL queries are inserted into input fields to manipulate databases. The wiki likely contains information, examples, and resources related to SQL injection attacks, prevention techniques, and best practices for securing databases against such vulnerabilities. SQLi Thu, 14 Aug 2025 04:11:02 +0000 https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/ https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/ The content discusses a method of conducting a Time-Based Blind SQL Injection attack using MySQL Bit Functions and Operators. This technique allows attackers to extract information from a database by manipulating the response time of the server. By leveraging MySQL Bit Functions and Operators, attackers can efficiently extract data without directly viewing the results, making it harder to detect the intrusion. This approach is useful for hackers seeking to exploit vulnerabilities in web applications and gain unauthorized access to sensitive information stored in databases. SQLi Thu, 14 Aug 2025 04:11:00 +0000 http://www.darknet.org.uk/2017/09/bsqlinjector-blind-sql-injection-tool-download-ruby/ http://www.darknet.org.uk/2017/09/bsqlinjector-blind-sql-injection-tool-download-ruby/ The content discusses BSQLinjector, a tool for conducting blind SQL injection attacks, available for download in Ruby. Blind SQL injection is a type of attack where an attacker can send SQL queries to a database and observe the application's response to extract information. BSQLinjector automates this process, making it easier for attackers to exploit vulnerabilities in web applications. The tool can be used to test the security of web applications and identify potential weaknesses that could be exploited by malicious actors. SQLi Thu, 14 Aug 2025 04:10:56 +0000 https://dhavalkapil.com/blogs/SQL-Attack-Constraint-Based/ https://dhavalkapil.com/blogs/SQL-Attack-Constraint-Based/ The content provided is a title mentioning a specific type of SQL attack known as Constraint-based SQL attack, attributed to an individual named Dhaval Kapil. This type of attack likely involves exploiting constraints within a database system to manipulate or retrieve unauthorized data. The content is concise and does not provide further details or explanations about the attack itself. SQLi Thu, 14 Aug 2025 04:10:54 +0000 https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/ The SQL Injection Cheat Sheet by Netsparker provides a comprehensive guide to SQL injection attacks. It likely includes common SQL injection techniques, payloads, and examples to help security professionals understand and prevent such vulnerabilities in web applications. SQLi Thu, 14 Aug 2025 04:10:52 +0000 https://www.exploit-db.com/papers/12975/ https://www.exploit-db.com/papers/12975/ The content discusses vulnerability analysis, security papers, and exploit tutorials in Part 12975. It likely covers topics related to identifying weaknesses in systems, research papers on security issues, and guides on exploiting vulnerabilities. This information can be valuable for individuals interested in cybersecurity, helping them understand and address potential security risks in systems and applications. SQLi Thu, 14 Aug 2025 04:10:50 +0000 https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ The content discusses website penetration testing and database hacking using a tool called SQLMap. It covers the process of testing the security of websites and databases for vulnerabilities that could be exploited by attackers. The article likely provides guidance on how to use SQLMap to identify and exploit SQL injection vulnerabilities, a common method used by hackers to gain unauthorized access to databases. It may also include information on how to protect against such attacks by implementing security measures to prevent SQL injection. SQLi Thu, 14 Aug 2025 04:10:42 +0000 https://github.com/vavkamil/awesome-bugbounty-tools https://github.com/vavkamil/awesome-bugbounty-tools The content is titled "Awesome Bug Bounty Tools" and simply states the topic without providing any specific information or details about bug bounty tools. SQLi Thu, 14 Aug 2025 04:10:36 +0000 https://hackersonlineclub.com/sql-injection-cheatsheet/ https://hackersonlineclub.com/sql-injection-cheatsheet/ The content provided is a title mentioning "SQL Injection Cheatsheet 2021." It suggests that there is a cheatsheet available for SQL injection techniques and vulnerabilities that are relevant for the year 2021. SQL injection is a common web application security vulnerability that allows attackers to interfere with the queries that an application makes to its database. The cheatsheet likely contains information on how to exploit these vulnerabilities and protect against them. SQLi Thu, 14 Aug 2025 04:10:34 +0000 https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 The content discusses SQL injection vulnerabilities, specifically focusing on time-based and boolean-based techniques. It explains how these methods can be exploited to manipulate database queries and extract sensitive information. The article likely provides examples, demonstrations, and insights on how to identify and mitigate SQL injection vulnerabilities in web applications. It is a valuable resource for bug bounty hunters, security researchers, and developers looking to enhance their understanding of SQL injection attacks. SQLi Thu, 14 Aug 2025 04:10:32 +0000 https://link.medium.com/q4mazES8o2 https://link.medium.com/q4mazES8o2 I'm sorry, but I cannot access external content or links. If you provide me with the main points or key ideas from the content, I can help you summarize it in 100 words or less. SQLi Thu, 14 Aug 2025 04:10:30 +0000 https://vavkamil.cz/2019/10/09/understanding-the-full-potential-of-sqlmap-during-bug-bounty-hunting/ https://vavkamil.cz/2019/10/09/understanding-the-full-potential-of-sqlmap-during-bug-bounty-hunting/ The content discusses maximizing the capabilities of SQLmap for bug bounty hunting. It covers understanding SQL injection vulnerabilities, using SQLmap to automate the process of exploiting these vulnerabilities, and tips for effective bug bounty hunting. The article emphasizes the importance of thorough testing and proper understanding of SQLmap's features to achieve successful results in identifying and exploiting vulnerabilities. It provides insights into leveraging SQLmap effectively to enhance bug bounty hunting efforts and improve the overall security posture of web applications. SQLi Thu, 14 Aug 2025 04:10:28 +0000 https://portswigger.net/web-security/sql-injection/cheat-sheet https://portswigger.net/web-security/sql-injection/cheat-sheet The provided link leads to a cheat sheet on SQL injection from PortSwigger, a web security resource. The cheat sheet likely contains valuable information on SQL injection techniques, syntax, and examples to help individuals understand and prevent SQL injection attacks. It serves as a quick reference guide for developers and security professionals to enhance their knowledge and protect web applications from this common vulnerability. SQLi Thu, 14 Aug 2025 04:10:24 +0000 https://link.medium.com/0Scc0MzsTU https://link.medium.com/0Scc0MzsTU I'm unable to access external content such as the one you provided. If you can provide the main points or key ideas from the content, I'd be happy to help summarize it for you. SQLi Thu, 14 Aug 2025 04:10:22 +0000 https://null-byte.wonderhowto.com/how-to/sql-injection-101-common-defense-methods-hackers-should-be-aware-0185138/ https://null-byte.wonderhowto.com/how-to/sql-injection-101-common-defense-methods-hackers-should-be-aware-0185138/ The content is likely to cover common defense methods against SQL injection attacks that hackers should be aware of. SQL injection is a type of cyber attack where malicious SQL statements are inserted into an input field, potentially allowing unauthorized access to a database. By understanding and implementing defense methods, hackers can protect their systems from SQL injection vulnerabilities. SQLi Thu, 14 Aug 2025 04:10:16 +0000 https://notchxor.github.io/oscp-notes/2-web/ssrf/ https://notchxor.github.io/oscp-notes/2-web/ssrf/ The content is a brief mention of "ssrf" with a link provided to a URL: https://ift.tt/vybYKpI. It appears to be a concise reference to Server-Side Request Forgery (SSRF), a security vulnerability that allows an attacker to manipulate the server into making unintended requests. The link may lead to more information or resources related to SSRF. SQLi Tue, 31 Oct 2023 12:47:38 +0000 https://www.youtube.com/watch?v=ClnVdYf4PK0 https://www.youtube.com/watch?v=ClnVdYf4PK0 The content discusses techniques for leveraging SQL injection vulnerabilities to achieve Remote Code Execution (RCE) or unauthorized file reads. It presents a case study based on 128 bug bounty reports, likely demonstrating real-world examples of such exploits. Viewers can gain insights into the process of escalating SQL injection vulnerabilities into more severe security breaches. The content is likely to provide practical examples and strategies for security researchers or professionals interested in understanding and mitigating these types of cyber threats. SQLi Fri, 22 Sep 2023 15:32:09 +0000 https://0xgad.medium.com/sql-injection-in-graphql-2859c96547a8 https://0xgad.medium.com/sql-injection-in-graphql-2859c96547a8 The content discusses the vulnerability of SQL injection in GraphQL, a query language for APIs. This security risk can occur when user input is not properly sanitized, allowing malicious actors to manipulate queries and potentially access or modify sensitive data in the database. It emphasizes the importance of input validation and sanitization to prevent SQL injection attacks in GraphQL applications. SQLi Thu, 03 Nov 2022 15:33:51 +0000 https://link.medium.com/dFZC5KiSvfb https://link.medium.com/dFZC5KiSvfb The content discusses performing Blind SQL Injection on DVWA 1.9+ using SQLMap. It follows a previous article on manual SQL Injection with OWASP ZAP. The focus is on hacking DVWA through Blind SQL Injection techniques. SQLi Fri, 16 Apr 2021 22:01:36 +0000