SQL Injection
SQL injection (SQLi) is the insertion of malicious SQL queries via input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify or delete records, execute administrative operations, and in some cases issue commands to the operating system.
Despite being one of the oldest web vulnerability classes, SQL injection continues to appear in modern applications — particularly in legacy codebases, custom query builders, and applications that construct SQL through string concatenation rather than parameterized queries. Second-order SQLi, where the payload is stored first and executed later in a different context, is especially difficult to detect with automated scanners.
SQLi techniques have evolved well beyond simple UNION SELECT attacks. Blind SQLi uses boolean conditions or time delays to extract data one bit at a time. Error-based injection leverages database error messages to leak information. Out-of-band SQLi exfiltrates data through DNS or HTTP requests initiated by the database. Each database engine — MySQL, PostgreSQL, MSSQL, Oracle, SQLite — has its own syntax quirks and exploitation techniques.
Modern WAFs and prepared statements have reduced the attack surface, but bypasses are regularly discovered through encoding tricks, comment injection, and parser differentials between the WAF and the database.
This page collects SQLi techniques, cheat sheets, bypass methods, and real-world exploitation writeups across all major database platforms.
From OWASP
| Date Added | Link | Excerpt |
|---|---|---|
| 2026-04-29 NEW 2026 | CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure news AI | Writeup of CVE-2026-42208 in LiteLLM, an SQL injection vulnerability in the proxy API key verification. Attackers exploited this flaw rapidly, within 36 hours of its disclosure, targeting sensitive data like virtual API keys and provider credentials by crafting malicious Authorization headers. The vulnerability affected LiteLLM versions 1.81.16 to 1.83.6 and was patched in 1.83.7. → securityaffairs.com |
| 2026-04-29 NEW 2026 | LiteLLM exploited within 36 hours of disclosure via SQL injection bug news AI | Library vulnerability: CVE-2026-42208 in LiteLLM, an LLM proxy, allowed attackers to read and modify database data, accessing provider credentials like those from OpenAI and Anthropic, and exposing sensitive IP and employee data. Exploitation occurred within 36 hours of disclosure, highlighting the accelerating trend of rapid weaponization enabled by AI, outpacing previous vulnerability disclosure timelines. → scworld.com |
| 2026-04-29 NEW 2026 | Fresh LiteLLM Vulnerability Exploited Shortly After Disclosure news AI | Analysis of a critical-severity SQL injection vulnerability (CVE-2026-42208, CVSS 9.3) in LiteLLM, an AI gateway, that allowed unauthenticated attackers to exfiltrate database credentials and API keys by exploiting the proxy API key verification process. Attacks were observed shortly after disclosure, targeting database tables containing sensitive information. LiteLLM version 1.83.7 resolves this by properly parameterizing database queries. → securityweek.com |
| 2026-04-29 NEW 2026 | 38 Vulnerabilities Found in OpenEMR Medical Software news Mobile | Analysis of OpenEMR reveals 38 CVE-assigned vulnerabilities, including critical SQL injection flaws (CVE-2026-24908, CVE-2026-23627) allowing database compromise and PHI exfiltration, and an authorization bypass (CVE-2026-24487) exposing patient data. These issues, primarily stemming from authorization flaws, were identified by Aisle and have since been patched by OpenEMR developers. → securityweek.com |
| 2026-04-29 NEW 2026 | LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure news | Writeup of CVE-2026-42208, a critical SQL injection vulnerability in BerriAI's LiteLLM Python package, actively exploited within 36 hours of disclosure. The flaw, affecting versions between 1.81.16 and 1.83.7, allowed unauthenticated attackers to modify the LiteLLM proxy database, potentially accessing and altering credentials for LLM providers like OpenAI, Anthropic, and AWS. Exploitation attempts targeted tables such as `litellm_credentials.credential_values`, suggesting attackers sought to compromise cloud-grade credentials managed by the AI gateway. → thehackernews.com |
| 2026-04-28 NEW 2026 | Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw news | Advisory on CVE-2026-42208, a pre-authentication SQL injection vulnerability in LiteLLM, an open-source LLM gateway. Attackers exploit this flaw in the API key verification step to access and modify sensitive data, including API keys, credentials, and environment secrets. The vulnerability allows unauthorized access to the proxy and managed credentials, with active exploitation observed targeting specific tables containing secrets from providers like OpenAI and Anthropic. A fix is available in LiteLLM version 1.83.7. → bleepingcomputer.com |
| 2026-04-28 NEW 2026 | Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild news | A critical SQL injection vulnerability in LiteLLM has been exploited in the wild. This flaw allows attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. Details are limited, but the discovery highlights a significant security risk for users of LiteLLM. Further information on the specific exploit and mitigation strategies is expected. → cybersecuritynews.com |
| 2026-04-28 NEW 2026 | Critical LiteLLM SQL Injection Vulnerability Exploited in the Wild news | A critical SQL injection vulnerability has been discovered in LiteLLM, an open-source LLM application, and has reportedly been exploited in the wild, meaning attackers have already taken advantage of it. The exact nature of the exploitation and its impact are not detailed beyond the classification of "critical"; further information on the vulnerability and potential mitigation steps is available from the linked report. → cyberpress.org |
| 2026-04-28 NEW 2026 | Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection news | A critical vulnerability has been discovered in LiteLLM, an open-source library facilitating access to various LLM APIs. This flaw allows for SQL injection attacks, potentially enabling unauthorized access and manipulation of backend databases. Researchers have disclosed this vulnerability, highlighting the significant security risk it poses to applications using LiteLLM and emphasizing the need for prompt patching and security updates. → gbhackers.com |
| 2026-04-28 NEW 2026 | LiteLLM Contains Critical SQL Injection Vulnerability news API Sec | LiteLLM, a popular open-source library for interacting with large language models, has a critical SQL injection vulnerability. This flaw could allow attackers to execute arbitrary SQL commands, potentially leading to data theft or unauthorized modifications. The vulnerability is found in the library's handling of user inputs. Further details can be found at the provided link. → letsdatascience.com |
| 2026-04-23 2026 | LangChain framework hit by several worrying security issues here's what we know news | LangChain framework hit by several worrying security issues — here's what we know https://ift.tt/XaO0IvB → msn.com |
| 2026-04-22 2026 | CVE-2025-1094: PostgreSQL SQL Injection Vulnerability news | Writeup of CVE-2025-1094, a critical SQL injection vulnerability in PostgreSQL affecting PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() functions, as well as the psql terminal. Exploitation is possible through improper neutralization of quoting syntax and invalid multibyte characters, potentially leading to arbitrary code execution. Versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19 are affected. |
| 2026-04-22 2026 | SQLMap Tamper Collection: Modern WAF Bypass Scripts (Cloudflare, AWS, Azure) intermediate | Library for context-aware SQL transformation and WAF bypass, supporting Cloudflare, AWS, and Azure. It features a full SQL lexer with UUID tracking, multi-character operator support, and deterministic output preserving SQL validity. Transformations include keyword wrapping, space replacement, value encoding, and case alternation, with advanced options like homoglyphs and numeric obfuscation. The framework maintains SQL structure, handles nested subqueries, and offers reapplication protection, designed primarily for MySQL syntax. |
| 2026-04-22 2026 | SQL Injection and Postgres: An Adventure to Eventual RCE intermediate | Library for leveraging PostgreSQL functions to achieve Remote Code Execution (RCE) via SQL Injection. This resource details exploiting an ORDER BY clause injection in a Flask application, demonstrating techniques for data exfiltration using error messages and the `query_to_xml` function to bypass row limitations and achieve command execution as the database user. |
| 2026-04-22 2026 | Pentesting PostgreSQL with SQL Injections intermediate | Library for analyzing and exploiting SQL injection vulnerabilities specifically targeting PostgreSQL. It details bypass methods for web application firewalls, techniques for data exfiltration across various query clauses including SELECT, WHERE, FROM, and ORDER BY, and demonstrates how to exploit nested queries. The resource covers bypassing spaces, trailing data, quotation marks using dollar quoting or `CHR()` function, and utilizes time-based blind SQL injection with concatenation and conditional logic for data leakage. → onsecurity.io |
| 2026-04-22 2026 | NoSQL Injection: Advanced Exploitation Guide advanced | Guide to exploiting NoSQL injection vulnerabilities, detailing how improper input sanitization allows attackers to bypass authentication on MongoDB and other databases. It covers identifying injections by manipulating syntax and using operators like `$gt` and `$ne`, and demonstrates advanced techniques such as extracting data through time delays using the `$where` operator. → intigriti.com |
| 2026-04-22 2026 | Exploits Explained: NoSQL Injection Returns Private Information beginner | Writeup detailing a NoSQL injection vulnerability discovered in an application's `/api/[CLIENT_NAME]/Customers` and `/api/[CLIENT_NAME]/CustomerLogins` endpoints. The author leveraged MongoDB query operators, specifically `gt`, to bypass filters and extract sensitive PII, including email addresses, usernames, password hashes, and phone numbers, from the administrator user. The exploit involved manipulating the `$filter` parameter to retrieve data beyond the intended scope. |
| 2026-04-22 2026 | CVE-2025-52694 PoC: Critical SQL Injection in Advantech IoTSuite/SaaS-Composer news | Toolchain for CVE-2025-52694, a critical unauthenticated SQL Injection vulnerability impacting Advantech IoTSuite/SaaS-Composer products prior to specific versions. The PoC offers a standalone Python script for time-based SQL injection tests and a nuclei template utilizing a clusterbomb attack to discover vulnerable `org_id` values. Exploitation allows for database dumping, data modification, and potential RCE by unsafely concatenating the `filename` parameter into PostgreSQL queries. |
| 2026-04-22 2026 | MCP Vulnerability Case Study: SQL Injection in the Postgres MCP Server intermediate | Writeup on a SQL injection vulnerability in Anthropic's reference Postgres MCP server, allowing arbitrary SQL execution by terminating the read-only transaction with a `COMMIT;` statement. Though deprecated, the `@modelcontextprotocol/server-postgres` NPM package and `mcp/postgres` Docker image see significant weekly downloads. The vulnerability is patched in the Zed Industries fork (`@zeddotdev/postgres-context-server` v0.1.4) and an unreleased reference implementation. Users should avoid the deprecated server for sensitive data and consider the Zed Industries fork for mitigation. → securitylabs.datadoghq.com |
| 2026-04-22 2026 | BWAFSQLi: Bypassing Web Application Firewall with Adversarial SQL Injections advanced | BWAFSQLi: Bypassing Web Application Firewall with Adversarial SQL Injections → dl.acm.org |
| 2026-04-19 2026 | Unauthenticated SQL Injection in GUI — Fortinet PSIRT intermediate | Analysis of unauthenticated SQL injection in FortiWeb's GUI, allowing code execution via crafted HTTP/HTTPS requests. This vulnerability (CWE-89) has been observed exploited in the wild, with a workaround involving disabling the administrative interface. The report originates from Fortinet PSIRT, with credit to Kentaro Kawane. |
| 2026-04-19 2026 | CVE-2025-1094 WebSocket and SQL Injection Exploit Script news | Exploit script for CVE-2025-1094, a PostgreSQL vulnerability enabling SQL Injection to achieve Remote Code Execution. This proof of concept demonstrates hijacking WebSocket connections after injecting malicious SQL using `lo_export` to read sensitive files, ultimately establishing a reverse shell. The script requires configuration of attacker IP/port, target URL, and WebSocket URL. |
| 2026-04-19 2026 | CVE-2025-1094: PostgreSQL psql SQL Injection (Fixed) — Rapid7 news | Analysis of CVE-2025-1094, a high-severity SQL injection vulnerability in PostgreSQL's psql tool, impacting versions prior to 17.3, 16.7, 15.11, 14.16, and 13.19. Discovered by Rapid7, this flaw, with a CVSS 3.1 score of 8.1, arises from improper handling of escaped untrusted input containing invalid UTF-8 characters. Exploitation can lead to arbitrary code execution via meta-commands or arbitrary SQL statement execution. This vulnerability was found to be a prerequisite for exploiting CVE-2024-12356 against BeyondTrust products, though both are now patched. → rapid7.com |
| 2026-04-19 2026 | PostgreSQL CVE-2025-1094: Quoting APIs SQL Injection intermediate | Library detailing SQL injection vulnerabilities in PostgreSQL's quoting APIs, specifically PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn(). The vulnerability, identified as CVE-2025-1094, allows attackers to inject SQL when application inputs are constructed into psql commands. It also affects command-line utilities under specific client and server encoding conditions (BIG5, EUC_TW, MULE_INTERNAL). Versions prior to PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 are affected. |
| 2026-04-19 2026 | CVE-2025-26794: Blind SQL Injection in Exim 4.98 — Writeup intermediate | Writeup detailing CVE-2025-26794, a blind SQL injection vulnerability in Exim 4.98 when SQLite is used as the DBM. The vulnerability arises from unsanitized SQL parameters within the ETRN command's semaphore handling in `hintsdb.h`, allowing remote users to craft malicious SQLite queries. This writeup covers the exploitation vector via the ETRN command to manipulate Exim's internal SQLite database, potential impacts including DoS and hypothetical RCE, and provides a Docker lab for reproduction. |
| 2026-04-17 2026 | April 2026 Patch Tuesday: Critical Vulnerabilities in SAP Adobe Microsoft SharePoint Fortinet and ColdFusion Threaten Enterprise Security news | Advisory detailing critical vulnerabilities patched in April 2026 across SAP Business Planning and Consolidation (CVE-2026-27681, SQL injection), Adobe Acrobat Reader (CVE-2026-34621, RCE, actively exploited), Adobe ColdFusion (CVE-2026-34619, CVE-2026-27304, CVE-2026-27305, CVE-2026-27282, CVE-2026-27306, path traversal, ACE), Fortinet FortiSandbox (CVE-2026-39813, CVE-2026-39808, path traversal, command injection), and Microsoft SharePoint Server (CVE-2026-32201, spoofing, data exposure, actively exploited), posing risks of data exfiltration and system compromise. → rescana.com |
| 2026-04-16 2026 | SQLMap Cheat Sheet: Commands, Options, and Advanced Features intermediate | Cheatsheet detailing sqlmap commands, options, and advanced features for automating SQL injection detection and exploitation. It covers system requirements, installation, various SQLi attack techniques including in-band (error-based, union-based, stacked queries, inline queries), out-of-band, inferential (boolean, time-based), and compound attacks, alongside essential options for reconnaissance, enumeration, and vulnerability scanning. |
| 2026-04-16 2026 | Identifying SQL Injections in a GraphQL API intermediate | Writeup detailing a time-based SQL injection vulnerability discovered in a GraphQL API backed by a PostgreSQL database. The technique involves intercepting requests via Burp Suite, altering client-generated search terms with SQL payloads, and analyzing response times to confirm command execution and enumerate the database schema. The writeup also touches on the potential for privilege escalation and RCE via CVE-2019-9193, and reiterates parameterized queries as the key mitigation. |
| 2026-04-16 2026 | SQL Injection Cheat Sheet - Invicti beginner | Library of SQL injection payloads and techniques for MySQL, Microsoft SQL Server, Oracle, PostgreSQL, and SQLite, offering detailed technical information and attack vectors. This resource is useful for penetration testers and developers interested in web application security, covering exploitation methods like UNION attacks, blind SQL injection with IF statements and CASE expressions, hex value usage, string concatenation, and error-based injection, also noting the role of DAST tools like Invicti for automated detection. → invicti.com |
| 2026-04-16 2026 | Exploiting Time-Based SQL Injections: Data Exfiltration intermediate | Exploiting Time-Based SQL Injections: Data Exfiltration |
| 2026-04-16 2026 | Second-Order SQL Injection with Stored Procedures and DNS-Based Egress advanced | Writeup detailing the detection and exploitation of a second-order SQL injection vulnerability, leveraging Out-of-Band (OOB) techniques via DNS exfiltration. The technique involves exploiting a Microsoft Excel report export feature where a crafted payload in the date parameter, when processed by the `xp_dirtree` stored procedure, triggers DNS requests to an attacker-controlled server. This allows for the disclosure of sensitive database information, including usernames and tables, by chaining SQL Server UNC Path Injection with DNS-based data exfiltration. |
| 2026-04-16 2026 | When the Database Won't Talk: A Deep Dive into Blind SQLi intermediate | Reference detailing Blind SQL Injection techniques, including Boolean-based, Time-based with SQL variants like `SLEEP()` and `pg_sleep()`, and Out-of-Band (OOB) methods involving DNS or HTTP callbacks. It highlights attacker exploitation methods and defense strategies such as parameterized queries, input sanitization, and monitoring for inconsistent behavior, response time variations, or external service interactions. The entry also mentions the Hadrian platform for detecting these vulnerabilities. |
| 2026-04-16 2026 | Advanced Boolean-Based SQLi Filter Bypass Techniques advanced | Technique for bypassing libinjection filters in Web Application Firewalls using advanced boolean-based SQL injection. This method leverages MySQL string functions like `INSERT`, `REPEAT`, `REPLACE`, `RIGHT`, `WEIGHT_STRING`, conditional constructs such as `IF` statements, and the `RLIKE` operator for bruteforcing hashed passwords. It also incorporates comments and assignment operators (`:=`) within SQL syntax to evade detection by security tools. |
| 2026-04-16 2026 | WAF Bypass Techniques for SQL Injection intermediate | WAF Bypass Techniques for SQL Injection |
| 2026-04-16 2026 | Exploiting Second-Order SQL Injection to Retrieve the Flag intermediate | Exploiting Second-Order SQL Injection to Retrieve the Flag |
| 2026-04-16 2026 | Exploiting SQL Injection Vulnerability - Bug Bounty Writeup intermediate | Exploiting SQL Injection Vulnerability - Bug Bounty Writeup |
| 2026-04-16 2026 | LangChain framework hit by several worrying security issues here's what we know news | LangChain framework hit by several worrying security issues — here's what we know https://ift.tt/ENiUzLF → msn.com |
| 2026-04-15 2026 | SAP Security Patch Day April 2026: Critical Vulnerabilities CVSS 9.9 SQL Injection and Authorization Risks news | Analysis of SAP Security Patch Day April 2026 highlights critical vulnerabilities, including a CVSS 9.9 SQL injection in SAP Business Planning and Consolidation and SAP Business Warehouse, allowing authenticated users to execute arbitrary SQL. A high-severity authorization flaw in SAP ERP and SAP S/4HANA, with a CVSS of 7.1, permits authenticated users to overwrite existing executable reports. Medium-priority issues affect SAP BusinessObjects BI Platform (denial of service) and SAP Human Capital Management for SAP S/4HANA (information disclosure). Vendors such as SecurityBridge, Pathlock, and Layer Seven Security detail exploitation paths, internal authorization risks, and cross-layer exposure across SAP environments. |
| 2026-04-15 2026 | FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion news | FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion https://ift.tt/ENselVr → gbhackers.com |
| 2026-04-14 2026 | CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks news | CISA Warns of Fortinet SQL Injection Vulnerability Actively Exploited in Attacks https://ift.tt/HrQnkXP → cybersecuritynews.com |
| 2026-04-14 2026 | SAP Patch Day Fixes Critical SQL Injection DoS and Code Injection Flaws news | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/wOQTGjW → gbhackers.com |
| 2026-04-14 2026 | SAP Patch Day Fixes Critical SQL Injection DoS and Code Injection Flaws news | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/lgQwt4L → cyberpress.org |
| 2026-04-14 2026 | CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks news | CISA Warns of Fortinet SQL Injection Flaw Actively Exploited in Attacks https://ift.tt/kN2acMA → cyberpress.org |
| 2026-04-14 2026 | CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited news | CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited https://ift.tt/3sSd5jK → gbhackers.com |
| 2026-04-14 2026 | SAP Patch Day Fixes Critical SQL Injection DoS and Code Injection Flaws news | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/QS2AJx7 → cyberpress.org |
| 2026-04-11 2026 | 400K WordPress Sites Exposed by Elementor Ally Plugin SQL Flaw news | A vulnerability in Elementor's Ally plugin, tracked as CVE-2026-2413, exposes over 400,000 WordPress sites to SQL injection attacks. Exploitable without authentication when the Remediation module is active, the flaw allows attackers to steal sensitive data like password hashes by manipulating database queries through crafted URL parameters. Elementor has released a patch, and users are advised to update the plugin, disable unused features, deploy a WAF, and enforce least privilege for database accounts. → esecurityplanet.com |
| 2026-04-10 2026 | SQL Injection in 2026: It Took One Apostrophe intermediate | SQL Injection in 2026: It Took One Apostrophe |
| 2026-04-10 2026 | Advanced SQL Injection Techniques in Modern Web Apps advanced | Writeup detailing advanced SQL injection techniques like second-order, time-based blind, and WAF bypasses through encoding and case variation. It emphasizes prevention strategies such as parameterized queries, strict input validation, and least privilege for database users, and mentions tools like SQLi Detector for automated testing, highlighting real-world applications in e-commerce platforms, CMS systems, and API endpoints. |
| 2026-04-10 2026 | Bypassing WAF with Adversarial SQL intermediate | Bypassing WAF with Adversarial SQL → dl.acm.org |
| 2026-04-10 2026 | WAF Bypass Using JSON-Based SQL Injection Attacks intermediate | Library entry detailing a WAF bypass technique using JSON-based SQL injection, building on research that found major vendors like Palo Alto Networks, AWS, Cloudflare, F5, and Imperva failed to properly inspect JSON payloads. This method exploits the JSON support of databases such as PostgreSQL and MySQL, allowing malicious SQL commands to evade detection by many Web Application Firewalls. → picussecurity.com |
| 2026-04-10 2026 | SQL Injection Security Vulnerabilities beginner | SQL Injection Security Vulnerabilities |
| 2026-04-10 2026 | CVE Search: SQL Injection news | CVE Search: SQL Injection |
| 2026-04-10 2026 | SQL Injection - OWASP beginner | Reference on SQL Injection attacks, detailing how attackers insert malicious SQL queries into application inputs to access, modify, or delete sensitive database data. It covers common attack vectors, the high severity risk associated with these vulnerabilities, and provides examples of exploitation in PHP, ASP, J2EE, and ASP.NET applications. The OWASP resource also points to prevention strategies like parameterized SQL statements and code review guides. → owasp.org |
| 2026-04-10 2026 | SQL Injection Tutorial & Examples - PortSwigger beginner | Tutorial on SQL injection covers its definition, methods for finding and exploiting vulnerabilities such as retrieving hidden data, subverting application logic with UNION attacks, and blind SQL injection. It details manual detection techniques like using single quotes, SQL syntax, boolean conditions, and time delays, and mentions Burp Scanner for automated detection. The resource also addresses injection in different parts of SQL queries, including WHERE, UPDATE, INSERT, SELECT, and ORDER BY clauses, and provides practical examples. → portswigger.net |
| 2026-04-10 2026 | CVE-2026-26116: SQL Server SQL Injection news | Writeup of CVE-2026-26116, a SQL Injection vulnerability affecting Microsoft SQL Server. Exploiting CWE-89, an authenticated attacker can elevate privileges over a network by manipulating SQL commands. Attackers with low-privilege accounts can craft malicious SQL statements to bypass authorization, access sensitive data, or gain administrative control. Mitigation involves applying Microsoft security updates, implementing parameterized queries, restricting network access, and enabling comprehensive auditing. → sentinelone.com |
| 2026-04-10 2026 | SQL Injection 2025 Advanced Exploitation & Defense Guide advanced | Guide to advanced SQL injection exploitation and defense, detailing techniques like error-based, union-based, boolean-based, time-based blind, and out-of-band methods. It covers database-specific exploitation for MySQL and MSSQL, including file I/O, User-Defined Functions, and `xp_cmdshell`. The guide emphasizes the critical need for proper data sanitization and robust database security measures to prevent vulnerabilities such as CVE-2025-57423. |
| 2026-04-10 2026 | CVE-2025-25257: Critical SQLi in Fortinet FortiWeb news | Library of detection rules and threat intelligence for CVE-2025-25257, a critical SQL injection vulnerability in Fortinet FortiWeb. This unauthenticated flaw, rated 9.6 CVSS, allows arbitrary SQL command execution and potential remote code execution via crafted HTTP/HTTPS requests. The library offers curated detection algorithms compatible with SIEM, EDR, and Data Lake formats, mapped to MITRE ATT&CK, and enriched with CTI, attack timelines, and triage recommendations. It also features Uncoder AI for automated IOC conversion and detection rule generation from threat reports. |
| 2026-04-09 2026 | Claude Code Executes SQL Injection via CLAUDE.md news | Claude Code Executes SQL Injection via CLAUDE.md https://ift.tt/4pAwbMP → letsdatascience.com |
| 2026-04-09 2026 | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks news | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation Attacks https://ift.tt/7D4rhpX → cybersecuritynews.com |
| 2026-04-09 2026 | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation news | Multiple SonicWall Vulnerabilities Enable SQL Injection and Privilege Escalation https://ift.tt/fMHBmC1 → cyberpress.org |
| 2026-04-09 2026 | Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks news | Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks https://ift.tt/IWwTAuM → gbhackers.com |
| 2026-04-06 2026 | SQL Injection (SQLi) Guide - SecPortal beginner | SQL Injection (SQLi) Guide - SecPortal |
| 2026-04-06 2026 | CVE-2026-27697: Basercms SQLi Vulnerability news | Writeup of CVE-2026-27697, an unauthenticated SQL injection vulnerability affecting baserCMS versions prior to 5.2.3. Exploitation allows attackers to manipulate database queries through the blog posts functionality, potentially leading to unauthorized data access, modification, or deletion. The vulnerability stems from improper input validation and can be mitigated by upgrading to baserCMS 5.2.3 or later, implementing WAF rules, or temporarily disabling the blog posts feature. → sentinelone.com |
| 2026-04-06 2026 | CVE-2026-5197: Student Membership System SQLi Vulnerability news | Writeup of CVE-2026-5197, a SQL injection vulnerability in code-projects Student Membership System 1.0. The flaw in `/delete_user.php` allows remote authenticated attackers to inject malicious SQL commands via the ID parameter, potentially leading to unauthorized data access, modification, or deletion. Exploitation involves manipulating database queries using techniques like UNION-based or boolean-based blind injection. Mitigation includes implementing prepared statements, strict input validation, or WAF rules. → sentinelone.com |
| 2026-04-06 2026 | WAF Testing Guide: How to Validate Web Application Firewalls intermediate | Guide to validating Web Application Firewalls (WAFs) using Breach and Attack Simulation (BAS). This approach continuously tests WAF efficacy against real-world attack payloads, including obfuscated SQL injection, XSS, RCE, and SSRF variants, as well as protocol-level vulnerabilities like HTTP vs. HTTPS inspection gaps. Agent-based BAS offers deterministic validation by isolating WAF behavior, providing accurate metrics on prevention rates, detection rates, and mitigation gaps without risking production environments. → picussecurity.com |
| 2026-04-06 2026 | Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2 intermediate | Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2 → infosecwriteups.com |
| 2026-04-03 2026 | What is SQL Injection? How to Prevent SQL Injection | Fortinet beginner | What is SQL Injection? How to Prevent SQL Injection | Fortinet |
| 2026-04-03 2026 | Bypassing WAFs in 2025: New Techniques and Evasion Tactics advanced | Bypassing WAFs in 2025: New Techniques and Evasion Tactics |
| 2026-04-03 2026 | 7 Types of SQL Injection Attacks & How to Prevent Them beginner | Library detailing seven types of SQL injection attacks, including classic and blind SQLi. It explains how these attacks exploit un-sanitized user inputs to manipulate databases, leading to unauthorized access and data breaches. Prevention methods discussed include input sanitization, parameterized queries, least privilege access, and the use of Web Application Firewalls (WAFs). → sentinelone.com |
| 2026-04-03 2026 | SQLi Payloads - Classic, Blind, Error-Based, Time-Based, WAF Bypass intermediate | Library of SQL injection payloads and techniques, covering classic, blind, error-based, and time-based methods. Includes bypass strategies for Web Application Firewalls (WAFs) and showcases tools like SQLMap, jSQL Injection, BBQSQL, and NoSQLMap for exploitation and scanning. Techniques range from simple character injections and comments to advanced blind SQL-bitshifting and server-time-based attacks, with examples for MySQL, MariaDB, and more. |
| 2026-04-03 2026 | SQL Injection for Bug Bounty Hunters \| YesWeHack beginner | Guide on SQL injection techniques for bug bounty hunters, covering blind SQLi, time-based attacks, and out-of-band callbacks. It details how to tailor payloads to SQL statements, integrate detection into bug bounty workflows, and exploit SQLi even in hardened systems, referencing vulnerabilities like CVE-2022-21661 in WordPress. → yeswehack.com |
| 2026-04-03 2026 | Exploiting an SQL Injection with WAF Bypass intermediate | Tool for bypassing Web Application Firewalls (WAFs) to exploit SQL injection vulnerabilities. The process involves identifying a potential SQL injection using Burp Suite, confirming it manually via Burp Repeater, and then configuring sqlmap with specific techniques (`--technique=B`), exclusion strings (`--not-string`), proxy settings (`--proxy`), and modifying the User-Agent header to evade WAF detection. This enables successful exploitation of boolean-based blind SQL injection flaws. → vaadata.com |
| 2026-04-03 2026 | SQL Injection Bypassing WAF \| OWASP intermediate | Guide on bypassing Web Application Firewalls (WAFs) for SQL Injection attacks, detailing techniques like normalization vulnerabilities, HTTP Parameter Pollution (HPP), HTTP Parameter Fragmentation (HPF), and blind SQL injection exploitation. It covers various WAF bypassing strings and payload variations for common database functions and operators, illustrating how to evade signature-based detection and exploit application logic flaws. → owasp.org |
| 2026-04-03 2026 | PayloadsAllTheThings - SQL Injection beginner | Reference detailing SQL Injection (SQLi) techniques, including entry point detection, DBMS identification, authentication bypass using tautologies and UNION queries, blind injection, error-based and timing attacks, and specific vulnerabilities like those affecting PDO prepared statements and WAF bypasses. It features tools such as sqlmap and ghauri, and discusses the impact of password hashing and salts on modern authentication bypass methods. |
| 2026-04-02 2026 | New "LeakyLooker" Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries news | Writeup detailing nine "LeakyLooker" vulnerabilities in Google Looker Studio, including cross-tenant unauthorized access, zero-click SQL injection on database connectors and stored credentials, SQL injection on BigQuery and Spanner through native functions and custom queries, data source leaks via hyperlinks and image rendering, XS leaks with timing oracles, and denial of wallet. These flaws could allow attackers to exfiltrate, insert, and delete data across various Google Cloud Platform services, impacting databases like BigQuery, Spanner, PostgreSQL, and MySQL. → thehackernews.com |
| 2025-08-14 2025 | NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open intermediate Fuzzing SSRF XSS | "NucleiFuzzer is an automation tool designed for detecting vulnerabilities like XSS, SQLi, SSRF, and Open. It offers powerful capabilities for automated security testing." → kitploit.com |
| 2025-08-14 2025 | https://weekly.infosecwriteups.com/iw-weekly-39-10-000-bounty-zero-click-account-takeover-stored-xss-open-redirection-vulnerability-sql-injection-rce-reconnaissance-techniques-and-much-more/ news RCE XSS | Writeup detailing a $10,000 bounty for a Facebook Reels crop/trim feature flaw, Zoom stored XSS, Facebook zero-click account takeover, io_uring Use-After-Free (CVE-2022-2602), Apple subdomain open redirection, and GraphQL pentesting. It also covers insecure CORS configurations, bug bounty automation, smart contract vulnerabilities, HTTP Basic Auth, SQL injection to RCE (CVE-2022-44015), RFC analysis, CTF challenges, CodeQL for GraphQL, reconnaissance techniques, SSRF, and EVM chain vulnerability analysis. |
| 2025-08-14 2025 | https://github.com/yeswehack/vulnerable-code-snippets beginner SSRF XSS | Library of vulnerable code snippets for practicing application security analysis. This collection includes examples of Broken access control (CWE-284), SQL injection (CWE-89), Cross-Site Scripting (CWE-79), Server-Side Template Injection (CWE-1336), and many other common vulnerabilities, all runnable within an isolated Docker environment. New snippets are released weekly, and users can suggest additions via GitHub issues. |
| 2025-08-14 2025 | SQL Injection Wiki beginner | Library for identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems. This comprehensive resource is structured to follow a typical escalation path, offering detailed information on techniques applicable to different versions of SQL databases. Contributions are welcomed via GitHub. |
| 2025-08-14 2025 | http://www.darknet.org.uk/2017/09/bsqlinjector-blind-sql-injection-tool-download-ruby/ intermediate | Tool written in Ruby for performing blind SQL injection. BSQLinjector identifies vulnerabilities by posing true/false questions to the database and analyzing application responses, a technique useful when generic error messages obscure traditional SQLi. Users can employ the `--test` switch to preview payloads before execution. This tool offers an alternative to automated solutions like sqlmap for blind SQL injection scenarios. |
| 2025-08-14 2025 | SQL Attack (Constraint-based) - Dhaval Kapil intermediate | Library for exploiting SQL constraint-based vulnerabilities, similar to SQL injection but distinct. This technique leverages trailing whitespace trimming and `VARCHAR` length constraints in databases like MySQL and SQLite. An attacker can register a username with trailing spaces followed by a different character, tricking the application into inserting it and allowing them to authenticate as an existing user. Defense strategies include implementing `UNIQUE` constraints on relevant columns, using `id` as primary keys, and manually trimming input parameters. |
| 2025-08-14 2025 | SQL Injection Cheat Sheet by Netsparker beginner | Library for SQL injection techniques, this cheat sheet details payloads and technical information for exploiting variants against MySQL, Microsoft SQL Server, Oracle, PostgreSQL, and SQLite. It covers UNION-based attacks, conditional statements like IF and CASE, hexadecimal encoding, and string manipulation methods to bypass filters. The resource also highlights the utility of Dynamic Application Security Testing (DAST) tools, such as Invicti and Acunetix, for automating the discovery and exploitation of SQL injection vulnerabilities. |
| 2025-08-14 2025 | Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975 beginner | Library detailing MSSQL injection techniques, including basic SQL injection, blind SQL injection, and advanced methods utilizing extended stored procedures. It covers testing for vulnerabilities, bypassing authentication, evading audit logs, and includes a cheat sheet for MSSQL queries and countermeasures, as well as a Perl script for finding vulnerable sites. → exploit-db.com |
| 2025-08-14 2025 | SQL Injection Cheatsheet 2021 beginner | Library containing SQL injection payloads and techniques, detailing in-band (Error-based, Union-based), inferential (Boolean-based, Time-based), and out-of-band methods. It includes best practices for prevention such as parameterized queries, input validation, stored procedures, least privilege, and WAFs, alongside specific payloads for authentication bypass and error-based extraction. |
| 2025-08-14 2025 | https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 intermediate | The content discusses SQL injection vulnerabilities, specifically focusing on time-based and boolean-based techniques. It explains how these methods can be exploited to manipulate database queries and extract sensitive information. The article likely provides examples, demonstrations, and insights on how to identify and mitigate SQL injection vulnerabilities in web applications. It is a valuable resource for bug bounty hunters, security researchers, and developers looking to enhance their understanding of SQL injection attacks. |
| 2025-08-14 2025 | https://vavkamil.cz/2019/10/09/understanding-the-full-potential-of-sqlmap-during-bug-bounty-hunting/ intermediate Bug Bounty | The content discusses maximizing the capabilities of SQLmap for bug bounty hunting. It covers understanding SQL injection vulnerabilities, using SQLmap to automate the process of exploiting these vulnerabilities, and tips for effective bug bounty hunting. The article emphasizes the importance of thorough testing and proper understanding of SQLmap's features to achieve successful results in identifying and exploiting vulnerabilities. It provides insights into leveraging SQLmap effectively to enhance bug bounty hunting efforts and improve the overall security posture of web applications. |
| 2025-08-14 2025 | https://portswigger.net/web-security/sql-injection/cheat-sheet beginner | Cheatsheet of SQL injection syntax for common attack tasks, including string concatenation, substring extraction, query truncation with comments, database version and content enumeration, conditional errors, batched queries, time delays, DNS lookups, and DNS lookup with data exfiltration, useful for formulating complex attacks and exfiltrating sensitive information. → portswigger.net |
| 2025-08-14 2025 | SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of beginner | Reference detailing common SQL injection defense methods including user input escaping, whitelisting, stored procedures, and prepared statements. It emphasizes the principle of least privilege for database accounts and outlines techniques such as parameterized queries to distinguish between code and data, thereby mitigating risks associated with SQL injection vulnerabilities. → null-byte.wonderhowto.com |
| 2024-12-31 2024 | GitHub - danialhalo/SqliSniper: Advanced Time-based Blind SQL Injection fuzzer for HTTP Headers intermediate Fuzzing Python | Tool for advanced time-based blind SQL injection fuzzing in HTTP headers. SqliSniper leverages multi-threading for rapid scanning and incorporates response time analysis to reduce false positives. It offers configurable payloads, custom headers, and direct Discord notifications for detected vulnerabilities, making it an efficient solution for security assessments. |
| 2024-11-13 2024 | SQLMap Command Generator beginner | SQLMap Command Generator |
| 2024-08-22 2024 | BChecks/vulnerability-classes/injection at main · PortSwigger/BChecks · GitHub intermediate Burp RCE XSS | BChecks collection for Burp Suite Professional and Burp Suite Enterprise Edition - PortSwigger/BChecks |
| 2023-11-07 2023 | 9 SQLi Detection Tools You Need to Know in 2023 beginner | Library of 9 SQLi detection tools for 2024, including SQLMap, Invicti, Burp Suite, jSQL Injection, Appsider, Acunetix, Qualys WAS, HCL AppScan, and Imperva. These tools automate the identification and remediation of SQL injection vulnerabilities in web applications and APIs, mitigating risks such as data theft and unauthorized access. |
| 2023-10-05 2023 | Writeups for Damn Vulnerable Web Application (DVWA) beginner XSS | Writeups for Damn Vulnerable Web Application (DVWA) |
| 2023-09-22 2023 | How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports intermediate Bug Bounty RCE Talks | The content discusses techniques for leveraging SQL injection vulnerabilities to achieve Remote Code Execution (RCE) or unauthorized file reads. It presents a case study based on 128 bug bounty reports, likely demonstrating real-world examples of such exploits. Viewers can gain insights into the process of escalating SQL injection vulnerabilities into more severe security breaches. The content is likely to provide practical examples and strategies for security researchers or professionals interested in understanding and mitigating these types of cyber threats. |
| 2023-09-03 2023 | TryHackMe \| SQHell beginner | Try and find all the flags in the SQL Injections |
| 2023-06-08 2023 | Test website for SQL injection vulnerabilities using Python intermediate Python | Test website for SQL injection vulnerabilities using Python |
| 2023-06-01 2023 | Demystifying SQL Injection: A Comprehensive Guide to Understanding SQL Injection Risks beginner | Guide to understanding SQL injection risks, detailing in-band, out-of-band, error-based, union-based, time-based, and boolean-based attack techniques. It includes practical examples, like injecting malicious code into search bars and exploiting vulnerabilities such as the Heartland Payment Systems breach, alongside prevention strategies. |
| 2023-05-27 2023 | open-appsec ML-based WAF protects against modern SQLi AutoSpear evasion techniques news API Sec | Library protecting against advanced SQL injection evasion techniques, including those from the AutoSpear project. It utilizes machine learning to identify non-legitimate payloads rather than relying solely on traditional parsing and rule sets. This approach effectively counters evolving evasion methods like case swapping, whitespace substitution, comment injection, and various encoding combinations that bypass other WAF solutions such as AWS, Fortinet, F5, CloudFlare, and ModSecurity. |
| 2023-04-18 2023 | Tag Archives: SQL Injection beginner | Library for securing Open Data Protocol (OData) connections, building on techniques used to mitigate SQL injection. It acts as an intermediate security layer, applying fine-grained constraints to OData API calls and masking query results based on user entitlements. This is demonstrated with a policy controlling access to the Netflix OData API, restricting minors to G or PG-13 rated movies, and includes authentication, authorization, and auditing of connections. |
| 2023-04-18 2023 | [ODATA-1110] Provide guidance for sql-injection type attacks beginner | [ODATA-1110] Provide guidance for sql-injection type attacks |
| 2023-04-18 2023 | http://dl.packetstormsecurity.net/papers/attack/wp-pentesters-guide-to-hacking-odata.pdf beginner | |
| 2023-04-02 2023 | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty intermediate Bug Bounty | How I Found Multiple SQL Injections in 5 Minutes in Bug Bounty |
| 2022-11-03 2022 | SQL Injection in GraphQL intermediate | The content discusses the vulnerability of SQL injection in GraphQL, a query language for APIs. This security risk can occur when user input is not properly sanitized, allowing malicious actors to manipulate queries and potentially access or modify sensitive data in the database. It emphasizes the importance of input validation and sanitization to prevent SQL injection attacks in GraphQL applications. |
| 2022-04-11 2022 | Favorite tweet by @harshbothra_ beginner | Favorite tweet: 12 Free Practice Labs to Master SQL Injection 🧵 — Harsh Bothra (@harshbothra_) Apr 11, 2022 |
| 2022-01-16 2022 | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes intermediate Fuzzing Recon | How I Found multiple SQL Injection with FFUF and Sqlmap in a few minutes |
| 2022-01-07 2022 | Advanced SQL Injection Cheatsheet advanced | Cheatsheet detailing advanced SQL injection techniques. It covers finding injection points, understanding website behavior, enumerating data, bypassing Web Application Firewalls (WAFs), and dumping databases. Methodologies include Error- or UNION-based, Boolean-based (content-based) Blind SQLi, and Time-based SQLi, along with stabilizing injections and bypassing whitespace filters. Privilege escalation and Local File Inclusion (LFI) are also addressed. |
| 2021-11-13 2021 | Web Attack Cheat Sheet beginner API Sec Bug Bounty XSS | Cheatsheet detailing web attack techniques and tools, covering discovery, enumeration, scanning, monitoring, and attack methods. It includes specific vulnerabilities such as SSRF, XXE, OAuth, DNS Rebinding, HTTP/SMTP Header Injection, Web Shell, Reverse Shell, SQLi, XSS, XPath Injection, Path Traversal, LFI, SSTI, Information Disclosure, and WebDAV. The resource also lists generic tools for reconnaissance and attack surface mapping, including those for identifying Cloudflare origin IPs and mapping CIDR ranges. |
| 2021-10-04 2021 | 10 Types of Web Vulnerabilities that are Often Missed beginner Bug Bounty IDOR SSRF XSS | Library detailing overlooked web vulnerabilities, including HTTP/2 Smuggling exploiting frontend/backend parsing differences, XXE via Office Open XML parsers by crafting malicious OOXML files, SSRF via XSS in PDF generators leveraging headless browser execution for internal resource access, and XSS via SVG files where image upload functionality is present. The resource highlights these as being a step beyond common OWASP Top 10 issues due to obscure delivery methods or common misunderstandings. → labs.detectify.com |
| 2021-04-16 2021 | DVWA 1.9+: Blind SQL Injection with SQLMap intermediate | The content discusses performing Blind SQL Injection on DVWA 1.9+ using SQLMap. It follows a previous article on manual SQL Injection with OWASP ZAP. The focus is on hacking DVWA through Blind SQL Injection techniques. |
| 2021-01-24 2021 | Exploiting Error Based SQL Injections & Bypassing Restrictions intermediate | The article discusses advancing attacks when encountering Error Based SQL Injections. It aims to provide insights on bypassing restrictions in such scenarios. The content likely includes strategies for exploiting vulnerabilities and overcoming limitations in SQL injection attacks. |
| 2021-01-24 2021 | Exploiting second order blind SQL injection intermediate | Hackerone hosted an online Capture The Flag (CTF) event named "12 days of hacky holiday CTF." |
| 2021-01-23 2021 | https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ intermediate | The content discusses website penetration testing and database hacking using a tool called SQLMap. It covers the process of identifying vulnerabilities in websites, exploiting them to gain unauthorized access to databases, and extracting sensitive information. The article provides a step-by-step guide on how to perform these tasks using SQLMap, a popular tool for automated SQL injection and database takeover. It emphasizes the importance of ethical hacking practices and the need for organizations to secure their websites and databases against potential cyber threats. |
| 2021-01-20 2021 | Identifying & Exploiting SQL Injection: Manual & Automated intermediate | The article discusses identifying and exploiting SQL Injection vulnerabilities in applications. It covers methods for recognizing these vulnerabilities and exploiting them. The content likely includes manual and automated approaches for detecting and taking advantage of SQL Injection weaknesses in software systems. |
| 2020-04-17 2020 | SQL Injection Cheat Sheet by Netsparker beginner | Library: Invicti SQL Injection Cheat Sheet, this resource offers detailed technical information and attack payloads for testing various SQL injection vulnerabilities across MySQL, Microsoft SQL Server, Oracle, PostgreSQL, and SQLite. It covers techniques such as UNION attacks, stacked queries, boolean-based blind SQL injection using IF and CASE statements, and bypassing filters with hex encoding and string concatenation. The cheat sheet also highlights the utility of DAST tools like Invicti and Acunetix for automating SQLi detection. |
| 2019-12-29 2019 | https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 intermediate | The content discusses SQL injection vulnerabilities, specifically focusing on time-based and boolean-based techniques. It explains how attackers can exploit these vulnerabilities to manipulate database queries and gain unauthorized access to sensitive information. The article likely provides examples, explanations, and possibly mitigation strategies for preventing SQL injection attacks. |
| 2019-11-17 2019 | Understanding the full potential of sqlmap during bug bounty hunting intermediate Bug Bounty | The content discusses utilizing sqlmap, a tool for detecting and exploiting SQL injection vulnerabilities, in bug bounty hunting and ethical hacking for offensive website security. It emphasizes understanding the full potential of sqlmap to effectively identify and exploit vulnerabilities. The focus is on leveraging this tool to enhance security testing efforts and maximize the outcomes of bug bounty programs. |
| 2019-10-05 2019 | SQL injection to RCE advanced RCE | The content discusses a case of SQL injection leading to Remote Code Execution (RCE) discovered during a recent customer penetration testing exercise. The author details the scenario in the writeup. |
| 2018-07-29 2018 | Making a Blind SQL Injection a Little Less Blind intermediate | The content discusses the author's experience finding a SQL Injection bug despite the belief that manual SQL Injections are no longer common. The author aims to shed light on this issue and shares insights on how to make a Blind SQL Injection less challenging. |
| 2018-07-19 2018 | Comprehensive Guide to Sqlmap (Target Options) intermediate | The article discusses the "target commands" in sqlmap, a tool for SQL injection attacks. These commands are used to specify the target website or application for the attack. Understanding and utilizing these commands effectively is crucial for successful SQL injection testing. |
| 2018-06-26 2018 | SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of beginner | Library on SQL injection defense methods, discussing user input escaping with MySQL examples, whitelisting versus blacklisting, stored procedures, and the superiority of prepared statements using parameterized queries. It also emphasizes the principle of least privilege for database accounts and separate users for different applications to minimize attack impact. → null-byte.wonderhowto.com |
| 2018-05-10 2018 | Barebones Application Security — SQL Injection (SQLi) beginner | The content discusses basic security measures for startups, focusing on SQL Injection (SQLi) vulnerabilities. It is part of a series on application security, highlighting the importance of safeguarding against SQL injection attacks. The series aims to provide startups with essential steps to enhance their security posture. |
| 2018-01-11 2018 | SQL Injection Wiki beginner | Library: SQL Injection Wiki, a comprehensive resource for identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems. This wiki follows a typical escalation path, assuming basic SQL injection knowledge, and includes version-specific query information. Contributions are welcomed via GitHub. |
| 2017-09-22 2017 | BSQLinjector – Blind SQL Injection Tool Download in Ruby intermediate | Library for performing Blind SQL Injection attacks in Ruby, BSQLinjector utilizes true/false queries to extract data from SQL databases when direct error messages are suppressed. Similar in function to sqlmap, it offers a `--test` switch to preview payloads before execution. |
| 2016-12-28 2016 | SQL Attack (Constraint-based) - Dhaval Kapil advanced | Writeup on SQL constraint-based attacks, demonstrating how trailing whitespace padding in SQL string comparisons and truncation of long strings in INSERT statements can be exploited. The attack allows an attacker to register a username with trailing spaces that is then effectively treated as an existing username due to SQL's whitespace handling. Subsequent logins can then be hijacked, as shown on MySQL and SQLite. Defenses include applying UNIQUE constraints to username columns and preferring IDs for data tracking. |
| 2016-04-20 2016 | Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975 news | Paper detailing advanced MSSQL injection techniques, including ODBC error message attacks, UNION attacks, and exploiting extended stored procedures. It covers blind SQL injection enumeration, explains common vulnerabilities in applications like Joomla, Mambo, and WordPress, and provides methods for testing for SQL injection flaws using single quotes and OR/AND operations. The document also touches upon audit log evasion and the creation of mass MSSQL injection worms, concluding with countermeasures against these attacks. → exploit-db.com |
Frequently Asked Questions
- What is SQL injection?
- SQL injection is a code injection technique where an attacker inserts malicious SQL statements into input fields or parameters that are incorporated into database queries. Successful exploitation can read, modify, or delete database data, and in some cases execute operating system commands.
- What is the difference between blind and error-based SQLi?
- Error-based SQLi extracts data through database error messages visible in the application response. Blind SQLi works when errors are suppressed — it infers data using boolean conditions (true/false responses) or time delays (e.g., IF condition THEN SLEEP(5)). Blind SQLi is slower but works in more restrictive environments.
- Are prepared statements enough to prevent SQLi?
- Prepared statements (parameterized queries) prevent classic SQLi in most cases. However, they cannot parameterize table names, column names, or ORDER BY clauses. Dynamic SQL built from these elements still requires allowlist validation. ORMs reduce risk but can be bypassed through raw query methods.
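Worked illustration of the last answer, as an added example that is not from the page or any of the listed resources: a concatenated query beside its parameterized form, where the client-chosen ORDER BY column (an identifier, which cannot be bound as a parameter) is checked against an allowlist. Uses Python's sqlite3 with a constructed `users` table and a hypothetical allowlist `ALLOWED_ORDER_COLUMNS`.

```python
import sqlite3

# Constructed sample data for the demo (not from any real application).
SAMPLE_USERS = [
    (1, "alice", "alice@example.test", "admin"),
    (2, "bob", "bob@example.test", "user"),
    (3, "carol", "carol@example.test", "user"),
]

# Hypothetical allowlist of identifiers the application permits in ORDER BY.
# Identifiers cannot be bound as query parameters, so validating against a
# fixed set is the only safe way to let the client choose the sort column.
ALLOWED_ORDER_COLUMNS = {"id", "username", "email"}


def make_db():
    """Create an in-memory SQLite database populated with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "email TEXT, role TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    """Vulnerable form: the value is concatenated into the SQL text, so a
    quote in the input changes the query structure (classic SQLi)."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username, order_by="id"):
    """Hardened form: the value is bound as a parameter, and the ORDER BY
    column is checked against the allowlist before being spliced into the
    query text, since a placeholder cannot stand in for an identifier."""
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unexpected sort column: %r" % order_by)
    sql = "SELECT username FROM users WHERE username = ? ORDER BY " + order_by
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run the same tautology input through both forms and return the results."""
    conn = make_db()
    tautology = "x' OR '1'='1"
    return {
        "unsafe": lookup_unsafe(conn, tautology),  # every username leaks
        "safe": lookup_safe(conn, tautology),      # treated as a literal: no match
        "safe_sorted": lookup_safe(conn, "bob", "username"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The same allowlist pattern applies to table names and sort direction; an ORM's raw-query escape hatch needs it just as much as hand-written SQL does.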