appsec.fyi

A somewhat curated list of links to various topics in application security.

SQL Injection

ItemLinkExcerpt
1SQL Injection Cheat Sheet by Netsparker
2Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975
3SQL Injection Cheatsheet 2021
4https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401
5https://link.medium.com/q4mazES8o2
6https://portswigger.net/web-security/sql-injection/cheat-sheet
7https://link.medium.com/0Scc0MzsTU
8SQL Injection Cheatsheet 2021SQL Injection Cheatsheet 2021 https://ift.tt/ZhuNDrm
9ssrfssrf https://ift.tt/vybYKpI
10How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reportsHow to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports https://www.youtube.com/watch?v=ClnVdYf4PK0
11SQL Injection in GraphQLSQL Injection in GraphQL https://ift.tt/N4wgjpv
12DVWA 1.9+: Blind SQL Injection with SQLMapWelcome back. In the previous article we’ve covered manual SQL Injection with the help of OWASP ZAP. In this article we’ll hack DVWA’s…
13Exploiting Error Based SQL Injections & Bypassing RestrictionsIn this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s…
14Exploiting second order blind SQL injectionRecently hackerone organized a online CTF called 12 days of hacky holiday CTF.
15https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/
16Union SQLi Challenges (Zixem Write-up)I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this…
17Identifying & Exploiting SQL Injection: Manual & AutomatedIn this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the vulnerable application. Further, we…
18SQL Injection Cheat Sheet by NetsparkerThe SQL Injection Cheat Sheet is the definitive resource for all the technical details about the different variants of the well-known SQLi vulnerability.
19https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401
20Out-of-Band (OOB) SQL InjectionOut-of-Band (OOB) SQL Injection is not a new attack and the discussion is started a few years ago. Purpose of the write-up is sharing and…
21Understanding the full potential of sqlmap during bug bounty huntingOffensive website security Bug bounty Ethical hacking
22SQL injection to RCEIn the next lines I will expose a curious case that I experimented in a customer penetration testing days ago…
23SQL injection cheat sheet | Web Security AcademyThis SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL ...
24SQL Injection - Time and Boolean basedBee box is a great VM to learn and exploit web application vulnerabilities specially OWASP top 10’s. It’s usual that tester will try to…
25Making a Blind SQL Injection a Little Less BlindSomeone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found…
26Comprehensive Guide to Sqlmap (Target Options)Hello everyone. This article will focus on a category of sqlmap commands called the “target commands.
27SQL Injection 101: Common Defense Methods Hackers Should Be Aware OfDatabase technology has vastly improved the way we handle vast amounts of data, and almost every modern application utilizes it in one way or another. But the widespread use of databases naturally ...
28Barebones Application Security — SQL Injection (SQLi)We’re roughly halfway through this series on basic security steps for Startups to take. After introducing the series, we covered Cross Site…
29SQL Injection WikiA one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.
30Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Oper
31BSQLinjector – Blind SQL Injection Tool Download in RubyBSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the '--test' switch to clearly see how configured payload looks like before sending it to an application. What is Blind SQL Injection? Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application's response. This attack is often used when the web application is configured to show generic error messages but has not mitigated
32SQL Attack (Constraint-based) - Dhaval KapilDemonstrating a constraint-based SQL Attack
33Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975