appsec.fyi

A somewhat curated list of links to various topics in application security.

SQL Injection

| Link | Excerpt |
| --- | --- |
| Exploiting Error Based SQL Injections & Bypassing Restrictions | In this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s quickly grasp the basics of Error-based SQLi. |
| Exploiting second-order blind SQL injection | Recently HackerOne organized an online CTF called 12 days of hacky holiday CTF. There was a total of 12 flags to be captured and for each flag, HackerOne gave a private program invitation on their platform. |
| Website Penetration Testing and Database Hacking with Sqlmap | Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tools, called “sqlmap”. |
| Union SQLi Challenges (Zixem Write-up) | I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this, I finally decided to put in some time to an SQLi-focused wargame in order to sharpen my skills a little. |
| Identifying & Exploiting SQL Injections: Manual & Automated | In this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the vulnerable application. Further, we will dive into the automated tool: Sqlmap, which will ease the attack escalation. |
| SQL Injection Cheat Sheet | What is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. |
| SQL Injection - Time and Boolean based | Bee box is a great VM to learn and exploit web application vulnerabilities, especially OWASP top 10’s. It’s usual that a tester will try to find the same vulnerabilities on the live websites after mastering it on local. |
| Out-of-Band (OOB) SQL Injection | Out-of-Band (OOB) SQL Injection is not a new attack and the discussion started a few years ago. The purpose of the write-up is to share and summarize findings from the research. For a detailed discussion of the research, refer to the paper, which is published at Academia and Zenodo. |
| Understanding the full potential of sqlmap during bug bounty hunting | Swiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar. |
| SQL injection to RCE | In the next lines I will expose a case that I experienced in a customer penetration test days ago; in my opinion it was interesting how I needed to concatenate a few factors to get the RCE. For obvious reasons, some customer data will be anonymized. |
| SQL injection cheat sheet | This contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL injection attacks. You can concatenate together multiple strings to make a single string. |
| Making a Blind SQL Injection a Little Less Blind | Someone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found and exploited manually. Disclaimer: for the most part, I’m going to take you down the ‘happy path’ here. |
| Comprehensive Guide to Sqlmap (Target Options) | Hello everyone. This article will focus on a category of sqlmap commands called the “target commands.” Many might not have tried these commands but they can prove very useful in the corporate world. |
| SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of | Stored procedures are batches of SQL statements stored as objects in the database system that are later called upon to be executed. |
| Barebones Application Security — SQL Injection (SQLi) | We’re roughly halfway through this series on basic security steps for Startups to take. After introducing the series, we covered Cross Site Scripting (XSS) and then Cross Site Request Forgery (CSRF). |
| Welcome to the NetSPI SQL Injection Wiki! | This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems (DBMS). |
| Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Operators | I was performing some penetration tests in 2011 – 2012 against various PHP applications integrated with MySQL databases which were vulnerable to Time Based Blind SQL Injection. |
| BSQLinjector – Blind SQL Injection Tool Download in Ruby | BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “--test” switch to clearly see what the configured payload looks like before sending it to an application. |
| SQL Attack (Constraint-based) | It is good to know that nowadays, developers have started paying attention to security while building websites. Almost everyone is aware of SQL Injection. |
| Full MSSQL Injection PWNage | Full MSSQL Injection PWNage (28 January 2009) |