A somewhat curated list of links to various topics in application security.
| Item | Link | Excerpt |
|---|---|---|
| 1 | SQL Injection Cheat Sheet by Netsparker | |
| 2 | Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975 | |
| 3 | SQL Injection Cheatsheet 2021 | |
| 4 | https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 | |
| 5 | https://link.medium.com/q4mazES8o2 | |
| 6 | https://portswigger.net/web-security/sql-injection/cheat-sheet | |
| 7 | https://link.medium.com/0Scc0MzsTU | |
| 8 | SQL Injection Cheatsheet 2021 | SQL Injection Cheatsheet 2021 https://ift.tt/ZhuNDrm |
| 9 | ssrf | ssrf https://ift.tt/vybYKpI |
| 10 | How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports | How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports https://www.youtube.com/watch?v=ClnVdYf4PK0 |
| 11 | SQL Injection in GraphQL | SQL Injection in GraphQL https://ift.tt/N4wgjpv |
| 12 | DVWA 1.9+: Blind SQL Injection with SQLMap | Welcome back. In the previous article we’ve covered manual SQL Injection with the help of OWASP ZAP. In this article we’ll hack DVWA’s… |
| 13 | Exploiting Error Based SQL Injections & Bypassing Restrictions | In this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s… |
| 14 | Exploiting second order blind SQL injection | Recently hackerone organized a online CTF called 12 days of hacky holiday CTF. |
| 15 | https://secnhack.in/website-penetration-testing-and-database-hacking-with-sqlmap/ | |
| 16 | Union SQLi Challenges (Zixem Write-up) | I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this… |
| 17 | Identifying & Exploiting SQL Injection: Manual & Automated | In this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the vulnerable application. Further, we… |
| 18 | SQL Injection Cheat Sheet by Netsparker | The SQL Injection Cheat Sheet is the definitive resource for all the technical details about the different variants of the well-known SQLi vulnerability. |
| 19 | https://medium.com/bugbountywriteup/sql-injection-time-and-boolean-based-27239b6a55e8?source=twitterShare-1764222123d3-1576594710&_referrer=twitter&_branch_match_id=732557985002302401 | |
| 20 | Out-of-Band (OOB) SQL Injection | Out-of-Band (OOB) SQL Injection is not a new attack and the discussion is started a few years ago. Purpose of the write-up is sharing and… |
| 21 | Understanding the full potential of sqlmap during bug bounty hunting | Offensive website security Bug bounty Ethical hacking |
| 22 | SQL injection to RCE | In the next lines I will expose a curious case that I experimented in a customer penetration testing days ago… |
| 23 | SQL injection cheat sheet | Web Security Academy | This SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL ... |
| 24 | SQL Injection - Time and Boolean based | Bee box is a great VM to learn and exploit web application vulnerabilities specially OWASP top 10’s. It’s usual that tester will try to… |
| 25 | Making a Blind SQL Injection a Little Less Blind | Someone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found… |
| 26 | Comprehensive Guide to Sqlmap (Target Options) | Hello everyone. This article will focus on a category of sqlmap commands called the “target commands. |
| 27 | SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of | Database technology has vastly improved the way we handle vast amounts of data, and almost every modern application utilizes it in one way or another. But the widespread use of databases naturally ... |
| 28 | Barebones Application Security — SQL Injection (SQLi) | We’re roughly halfway through this series on basic security steps for Startups to take. After introducing the series, we covered Cross Site… |
| 29 | SQL Injection Wiki | A one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems. |
| 30 | Efficient Time Based Blind SQL Injection using MySQL Bit Functions and Oper | |
| 31 | BSQLinjector – Blind SQL Injection Tool Download in Ruby | BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the '--test' switch to clearly see how configured payload looks like before sending it to an application. What is Blind SQL Injection? Blind SQL Injection is a type of SQL Injection (SQLi) attack that asks the database true or false questions and determines the answer based on the application's response. This attack is often used when the web application is configured to show generic error messages but has not mitigated |
| 32 | SQL Attack (Constraint-based) - Dhaval Kapil | Demonstrating a constraint-based SQL Attack |
| 33 | Vulnerability analysis, Security Papers, Exploit Tutorials - Part 12975 |