A somewhat curated list of links to various topics in application security.
Link | Excerpt | Word Count |
---|---|---|
Full MSSQL Injection PWNage | Full MSSQL Injection PWNage, 28 January 2009, by CWH Underground. | 8810 |
About the Invicti SQL injection cheat sheet | Currently, this SQL injection cheat sheet contains information for MySQL, Microsoft SQL Server, and some limited information for ORACLE, PostgreSQL, and SQLite. | 4751 |
SQL Attack (Constraint-based) | It is good to know that nowadays, developers have started paying attention to security while building websites. Almost everyone is aware of SQL Injection. | 712 |
BSQLinjector – Blind SQL Injection Tool Download in Ruby | BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “--test” switch to clearly see what the configured payload looks like before sending it to an application. | 141 |
Barebones Application Security | We’re roughly halfway through this series on basic security steps for Startups to take. After introducing the series, we covered Cross Site Scripting (XSS) and then Cross Site Request Forgery (CSRF). | 871 |
https://stealingthe.network/efficient-time-based-blind-sql-injection-using-mysql-bit-functions-and-operators/ | | 0 |
Welcome to the NetSPI SQL Injection Wiki! | This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems (DBMS). | 120 |
SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of | Database technology has vastly improved the way we handle vast amounts of data, and almost every modern application utilizes it in one way or another. But the widespread use of databases naturally invites a slew of vulnerabilities and attacks to occur. | 1108 |
Comprehensive Guide to Sqlmap (Target Options) | Hello everyone. This article will focus on a category of sqlmap commands called the “target commands.” Many might not have tried these commands, but they can prove very useful in the corporate world. | 144 |
Making a Blind SQL Injection a Little Less Blind | Someone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found and exploited manually. Disclaimer: for the most part, I’m going to take you down the ‘happy path’ here. | 2119 |
https://link.medium.com/0Scc0MzsTU | | 0 |
SQL injection cheat sheet | This SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL injection attacks. You can concatenate together multiple strings to make a single string. | 611 |
https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862 | | 0 |
Understanding the full potential of sqlmap during bug bounty hunting | Swiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar. | 1731 |
https://link.medium.com/q4mazES8o2 | | 0 |
https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 | | 0 |
https://hackersonlineclub.com/sql-injection-cheatsheet/ | | 0 |
vavkamil/awesome-bugbounty-tools | A curated list of various bug bounty tools. Recon: Subdomain Enumeration, Port Scanning, Screenshots, Technologies, Content Discovery, Links, Parameters, Fuzzing. Exploitation: Command Injection, CORS Misconfiguration, CRLF Injection, CSRF Injection, Directory Traversal, File Inclusion, GraphQL Injection, Header Inject | 4230 |
https://link.medium.com/d30FnknTbdb | | 0 |
https://link.medium.com/t0dgez8Tbdb | | 0 |
https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ | | 0 |
https://link.medium.com/voxUHjIDidb | | 0 |
https://link.medium.com/Y8r2RcJDidb | | 0 |
DVWA 1.9+: Blind SQL Injection with SQLMap | Welcome back. In the previous article we’ve covered manual SQL Injection with the help of OWASP ZAP. In this article we’ll hack DVWA’s Blind SQL Injection with the help of SQLMap, one of the most powerful tools of our toolbelt. | 787 |
https://0xgad.medium.com/sql-injection-in-graphql-2859c96547a8 | | 0 |
yeswehack/vulnerable-code-snippets | YesWeHack presents code snippets containing several different vulnerabilities to practice your code analysis in a safe dockerized environment. The vulnerable code snippets are suitable for all skill levels. | 830 |
👩💻IW Weekly #39 : $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection Vulnerability, SQL Injection, RCE, Reconnaissance Techniques, and much more… | Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end ❤️ Thank you for joining us. | 657 |
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports | 📚 Access full case study here: https://members.bugbountyexplained.com/sqli-case-study/ 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw This video is a part of the case study of 128 SQ | 0 |
NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications | NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. | 227 |