A somewhat curated list of links to various topics in application security.

SQL Injection

LinkExcerptWord Count
SQL Injection Cheatsheet 2021SQL Injection Cheatsheet is the great source to find the vulnerabilities and help to protect your website. SQL injection is one of the most common Website security Vulnerability. It is a code injection vulnerability that might dump your database.4921
How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports📚 Access full case study here: 📧 Subscribe to BBRE Premium: ✉️ Sign up for the mailing list: 📣 Follow me on Twitter: This video is a part of the case study of 128 SQ0
NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web ApplicationsNucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities.227
Awesome Bug Bounty ToolsAwesome Bug Bounty Tools A curated list of various bug bounty tools Contents Recon Subdomain Enumeration Port Scanning Screenshots Technologies Content Discovery Links Parameters Fuzzing Exploitation Command Injection CORS Misconfiguration CRLF Injection CSRF Injection Directory Traversal File Inc3853
yeswehack/vulnerable-code-snippetsYesWeHack present code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels!323
👩‍💻IW Weekly #39 : $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection Vulnerability, SQL Injection, RCE, Reconnaissance Techniques, and much more…Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end ❤️ Thank you for joining us.657
SQL Injection in GraphQLGraphQL Was Initially Developed and Used By Facebook as an Internal Query Language and so The Features of GraphQL Mostly Revolve Around Internal and Development Areas. GraphQL Executes Queries Using a Type System With The Data Defined.446
DVWA 1.9+: Blind SQL Injection with SQLMapWelcome back. In the previous article we’ve covered manual SQL Injection with the help of OWASP ZAP. In this article we’ll hack DVWA’s Blind SQL Injection with the help of SQLMap, one of the most powerful tools of our toolbelt.776
Exploiting Error Based SQL Injections & Bypassing RestrictionsIn this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s quickly grasp the basics of Error-based SQLi.1473
Exploiting second-order blind SQL injectionRecently HackerOne organized an online CTF called 12 days of hacky holiday CTF. There was a total of 12 flags to be captured and for each flag, HackerOne gave a private program invitation on their platform.1364
Website Penetration Testing and Database Hacking with SqlmapHey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tool called is “sqlmap“.1314
Union SQLi Challenges (Zixem Write-up)I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this, I finally decided to put in some time to an SQLi-focused wargame in order to sharpen my skills a little.1440
Identifying & Exploiting SQL Injections: Manual & AutomatedIn this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the vulnerable application. Further, we will dive into the automated tool: Sqlmap, which will ease the attack escalation.1194
SQL Injection Cheat SheetWhat is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability.4052
Out-of-Band (OOB) SQL InjectionOut-of-Band (OOB) SQL Injection is not a new attack and the discussion is started a few years ago. Purpose of the write-up is sharing and summarize findings during research. For detailed discussion of the research may refers to paper which is published at Academia and Zenodo.831
Understanding the full potential of sqlmap during bug bounty huntingSwiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar.1733
SQL injection to RCEIn the next lines I will expose a case that I experimented in a customer penetration testing days ago, in my opinion was interest how I needed concatenate a few factors to get the RCE. For obvious reasons, some customer data will be anonymized.673
SQL injection cheat sheetThis SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL injection attacks. You can concatenate together multiple strings to make a single string.526
Making a Blind SQL Injection a Little Less BlindSomeone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found and exploited manually. Disclaimer: for the most part, I’m going to take you down the ‘happy path’ here.2128
Comprehensive Guide to Sqlmap (Target Options)Hello everyone. This article will focus on a category of sqlmap commands called the “target commands.” Many might not have tried these commands but they can be proved very useful in corporate world.143
SQL Injection 101: Common Defense Methods Hackers Should Be Aware OfDatabase technology has vastly improved the way we handle vast amounts of data, and almost every modern application utilizes it in one way or another. But the widespread use of databases naturally invites a slew of vulnerabilities and attacks to occur.1195
Barebones Application Security — SQL Injection (SQLi)We’re roughly halfway through this series on basic security steps for Startups to take. After introducing the series, we covered Cross Site Scripting (XSS) and then Cross Site Request Forgery (CSRF).866
Welcome to the NetSPI SQL Injection Wiki!This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems (DBMS).120
BSQLinjector – Blind SQL Injection Tool Download in RubyBSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “--test” switch to clearly see how configured payload looks like before sending it to an application.141
SQL Attack (Constraint-based)It is good to know that nowadays, developers have started paying attention to security while building websites. Almost everyone is aware of SQL Injection.712
Full MSSQL Injection PWNage|=--------------------------------------------------------------------=| |=----------------=[ Full MSSQL Injection PWNage ]=-----------------=| |=-----------------------=[ 28 January 2009 ]=------------------------=| |=-----------------8810