appsec.fyi

A somewhat curated list of links to various topics in application security.

SQL Injection

A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands.

From OWASP

ItemDate AddedLinkExcerpt
12025-08-14 04:10:52 UTCSQL Injection Cheat Sheet by NetsparkerThe SQL Injection Cheat Sheet by Netsparker provides a comprehensive guide to SQL injection attacks. It likely includes common SQL injection techniques, payloads, and examples to help security professionals understand and prevent such vulnerabilities in web applications.
22025-08-14 04:10:50 UTCVulnerability analysis, Security Papers, Exploit Tutorials - Part 12975The content discusses vulnerability analysis, security papers, and exploit tutorials in Part 12975. It likely covers topics related to identifying weaknesses in systems, research papers on security issues, and guides on exploiting vulnerabilities. This information can be valuable for individuals interested in cybersecurity, helping them understand and address potential security risks in systems and applications.
32025-08-14 04:10:34 UTCSQL Injection Cheatsheet 2021The content provided is a title mentioning "SQL Injection Cheatsheet 2021." It suggests that there is a cheatsheet available for SQL injection techniques and vulnerabilities that are relevant for the year 2021. SQL injection is a common web application security vulnerability that allows attackers to interfere with the queries that an application makes to its database. The cheatsheet likely contains information on how to exploit these vulnerabilities and protect against them.
42025-08-14 04:10:32 UTChttps://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401The content discusses SQL injection vulnerabilities, specifically focusing on time-based and boolean-based techniques. It explains how these methods can be exploited to manipulate database queries and extract sensitive information. The article likely provides examples, demonstrations, and insights on how to identify and mitigate SQL injection vulnerabilities in web applications. It is a valuable resource for bug bounty hunters, security researchers, and developers looking to enhance their understanding of SQL injection attacks.
52025-08-14 04:10:30 UTChttps://link.medium.com/q4mazES8o2I'm sorry, but I cannot access external content or links. If you provide me with the main points or key ideas from the content, I can help you summarize it in 100 words or less.
62025-08-14 04:10:24 UTChttps://portswigger.net/web-security/sql-injection/cheat-sheetThe provided link leads to a cheat sheet on SQL injection from PortSwigger, a web security resource. The cheat sheet likely contains valuable information on SQL injection techniques, syntax, and examples to help individuals understand and prevent SQL injection attacks. It serves as a quick reference guide for developers and security professionals to enhance their knowledge and protect web applications from this common vulnerability.
72025-08-14 04:10:22 UTChttps://link.medium.com/0Scc0MzsTUI'm unable to access external content such as the one you provided. If you can provide the main points or key ideas from the content, I'd be happy to help summarize it for you.
82023-10-31 12:47:38 UTCssrfThe content is a brief mention of "ssrf" with a link provided to a URL: https://ift.tt/vybYKpI. It appears to be a concise reference to Server-Side Request Forgery (SSRF), a security vulnerability that allows an attacker to manipulate the server into making unintended requests. The link may lead to more information or resources related to SSRF.
92023-09-22 15:32:09 UTCHow to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reportsThe content discusses techniques for leveraging SQL injection vulnerabilities to achieve Remote Code Execution (RCE) or unauthorized file reads. It presents a case study based on 128 bug bounty reports, likely demonstrating real-world examples of such exploits. Viewers can gain insights into the process of escalating SQL injection vulnerabilities into more severe security breaches. The content is likely to provide practical examples and strategies for security researchers or professionals interested in understanding and mitigating these types of cyber threats.
102022-11-03 15:33:51 UTCSQL Injection in GraphQLThe content discusses the vulnerability of SQL injection in GraphQL, a query language for APIs. This security risk can occur when user input is not properly sanitized, allowing malicious actors to manipulate queries and potentially access or modify sensitive data in the database. It emphasizes the importance of input validation and sanitization to prevent SQL injection attacks in GraphQL applications.
112021-04-16 22:01:36 UTCDVWA 1.9+: Blind SQL Injection with SQLMapThe content discusses performing Blind SQL Injection on DVWA 1.9+ using SQLMap. It follows a previous article on manual SQL Injection with OWASP ZAP. The focus is on hacking DVWA through Blind SQL Injection techniques.
122021-01-24 05:35:42 UTCExploiting Error Based SQL Injections & Bypassing RestrictionsThe article discusses advancing attacks when encountering Error Based SQL Injections. It aims to provide insights on bypassing restrictions in such scenarios. The content likely includes strategies for exploiting vulnerabilities and overcoming limitations in SQL injection attacks.
132021-01-24 05:35:30 UTCExploiting second order blind SQL injectionHackerone hosted an online Capture The Flag (CTF) event named "12 days of hacky holiday CTF."
142021-01-23 20:34:38 UTChttps://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/The content discusses website penetration testing and database hacking using a tool called SQLMap. It covers the process of identifying vulnerabilities in websites, exploiting them to gain unauthorized access to databases, and extracting sensitive information. The article provides a step-by-step guide on how to perform these tasks using SQLMap, a popular tool for automated SQL injection and database takeover. It emphasizes the importance of ethical hacking practices and the need for organizations to secure their websites and databases against potential cyber threats.
152021-01-20 04:12:05 UTCUnion SQLi Challenges (Zixem Write-up)The content discusses the writer's avoidance of learning about SQL Injections due to their perceived complexity in the field of Information Security.
162021-01-20 04:01:25 UTCIdentifying & Exploiting SQL Injection: Manual & AutomatedThe article discusses identifying and exploiting SQL Injection vulnerabilities in applications. It covers methods for recognizing these vulnerabilities and exploiting them. The content likely includes manual and automated approaches for detecting and taking advantage of SQL Injection weaknesses in software systems.
172020-04-17 09:34:50 UTCSQL Injection Cheat Sheet by NetsparkerThe SQL Injection Cheat Sheet by Netsparker is a comprehensive guide detailing various forms of the SQL injection vulnerability. It serves as a valuable technical resource for understanding and addressing SQLi risks effectively.
182019-12-29 15:53:09 UTChttps://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401The content discusses SQL injection vulnerabilities, specifically focusing on time-based and boolean-based techniques. It explains how attackers can exploit these vulnerabilities to manipulate database queries and gain unauthorized access to sensitive information. The article likely provides examples, explanations, and possibly mitigation strategies for preventing SQL injection attacks.
192019-11-17 12:38:45 UTCUnderstanding the full potential of sqlmap during bug bounty huntingThe content discusses utilizing sqlmap, a tool for detecting and exploiting SQL injection vulnerabilities, in bug bounty hunting and ethical hacking for offensive website security. It emphasizes understanding the full potential of sqlmap to effectively identify and exploit vulnerabilities. The focus is on leveraging this tool to enhance security testing efforts and maximize the outcomes of bug bounty programs.
202019-10-05 04:06:54 UTCSQL injection to RCEThe content discusses a case of SQL injection leading to Remote Code Execution (RCE) discovered during a recent customer penetration testing exercise. The author will detail the scenario in the following lines.
212018-07-29 16:24:13 UTCMaking a Blind SQL Injection a Little Less BlindThe content discusses the author's experience finding a SQL Injection bug despite the belief that manual SQL Injections are no longer common. The author aims to shed light on this issue and shares insights on how to make a Blind SQL Injection less challenging.
222018-07-19 03:27:07 UTCComprehensive Guide to Sqlmap (Target Options)The article discusses the "target commands" in sqlmap, a tool for SQL injection attacks. These commands are used to specify the target website or application for the attack. Understanding and utilizing these commands effectively is crucial for successful SQL injection testing.
232018-06-26 15:00:00 UTCSQL Injection 101: Common Defense Methods Hackers Should Be Aware OfThe content discusses SQL injection, a common hacking technique targeting databases in modern applications. It emphasizes the importance of defense methods to prevent such attacks. Database technology is crucial in managing data for applications, but vulnerabilities exist. Awareness of SQL injection risks and implementing defense strategies are essential for safeguarding databases.
242018-05-10 00:33:38 UTCBarebones Application Security — SQL Injection (SQLi)The content discusses basic security measures for startups, focusing on SQL Injection (SQLi) vulnerabilities. It is part of a series on application security, highlighting the importance of safeguarding against SQL injection attacks. The series aims to provide startups with essential steps to enhance their security posture.
252018-01-11 03:08:42 UTCSQL Injection WikiThe SQL Injection Wiki is a comprehensive resource for understanding, exploiting, and escalating SQL injection vulnerabilities in different Database Management Systems. It serves as a valuable tool for individuals looking to learn more about SQL injection attacks and how to effectively exploit them.
262018-01-02 02:41:05 UTCEfficient Time Based Blind SQL Injection using MySQL Bit Functions and OperThe content discusses a method of conducting a Time-Based Blind SQL Injection attack using MySQL Bit Functions and Operators. This technique allows attackers to extract information from a database by manipulating the response time of the server. By leveraging MySQL Bit Functions and Operators, attackers can efficiently extract data without directly displaying it, making it harder to detect the intrusion. This method is a sophisticated approach to exploiting vulnerabilities in web applications that use MySQL databases.
272017-09-22 15:55:56 UTCBSQLinjector – Blind SQL Injection Tool Download in RubyBSQLinjector is a Ruby tool for Blind SQL Injection, retrieving data from databases using blind methods. The download is available, with a recommendation to use '--test' to preview the payload. Blind SQL Injection involves asking true/false questions to the database based on application responses. It is used when error messages are generic and not mitigated in the web application.
282016-12-28 18:47:41 UTCSQL Attack (Constraint-based) - Dhaval KapilThe content discusses a constraint-based SQL attack demonstrated by Dhaval Kapil. This type of attack involves exploiting constraints within a database to manipulate or retrieve unauthorized data. By understanding and exploiting these constraints, attackers can bypass security measures and access sensitive information. This type of attack highlights the importance of securing databases and implementing proper security measures to prevent unauthorized access and data breaches.
292016-04-20 19:10:58 UTCVulnerability analysis, Security Papers, Exploit Tutorials - Part 12975The content discusses vulnerability analysis, security papers, and exploit tutorials in Part 12975. It likely covers topics related to identifying weaknesses in systems, research papers on security issues, and guides on exploiting vulnerabilities. This information can be valuable for individuals interested in cybersecurity, as it may provide insights into the latest vulnerabilities, security trends, and techniques for exploiting or mitigating security risks.