appsec.fyi

A somewhat curated list of links to various topics in application security.

SQL Injection

| Link | Excerpt | Word Count |
| --- | --- | --- |
| SQL Injection Cheatsheet 2021 | SQL Injection Cheatsheet is the great source to find the vulnerabilities and help to protect your website. SQL injection is one of the most common Website security Vulnerability. It is a code injection vulnerability that might dump your database. | 4921 |
| How to turn SQL injection into an RCE or a file read? Case study of 128 bug bounty reports | 📚 Access full case study here: https://members.bugbountyexplained.com/sqli-case-study/ 📧 Subscribe to BBRE Premium: https://bbre.dev/premium ✉️ Sign up for the mailing list: https://bbre.dev/nl 📣 Follow me on Twitter: https://bbre.dev/tw This video is a part of the case study of 128 SQ | 0 |
| NucleiFuzzer - Powerful Automation Tool For Detecting XSS, SQLi, SSRF, Open-Redirect, Etc.. Vulnerabilities In Web Applications | NucleiFuzzer is an automation tool that combines ParamSpider and Nuclei to enhance web application security testing. It uses ParamSpider to identify potential entry points and Nuclei's templates to scan for vulnerabilities. | 227 |
| Awesome Bug Bounty Tools | Awesome Bug Bounty Tools A curated list of various bug bounty tools Contents Recon Subdomain Enumeration Port Scanning Screenshots Technologies Content Discovery Links Parameters Fuzzing Exploitation Command Injection CORS Misconfiguration CRLF Injection CSRF Injection Directory Traversal File Inc | 3853 |
| yeswehack/vulnerable-code-snippets | YesWeHack present code snippets containing several different vulnerabilities to practice your code analysis. The code snippets are beginner friendly but suitable for all levels! | 323 |
| 👩‍💻IW Weekly #39 : $10,000 Bounty, Zero-click Account Takeover, Stored XSS, Open Redirection Vulnerability, SQL Injection, RCE, Reconnaissance Techniques, and much more… | Welcome to the #IWWeekly39 - the Monday newsletter that brings the best in Infosec straight to your inbox. IWCON2022 finally came to a glorious end ❤️ Thank you for joining us. | 657 |
| SQL Injection in GraphQL | GraphQL Was Initially Developed and Used By Facebook as an Internal Query Language and so The Features of GraphQL Mostly Revolve Around Internal and Development Areas. GraphQL Executes Queries Using a Type System With The Data Defined. | 446 |
| DVWA 1.9+: Blind SQL Injection with SQLMap | Welcome back. In the previous article we’ve covered manual SQL Injection with the help of OWASP ZAP. In this article we’ll hack DVWA’s Blind SQL Injection with the help of SQLMap, one of the most powerful tools of our toolbelt. | 776 |
| Exploiting Error Based SQL Injections & Bypassing Restrictions | In this article, we will be learning how to escalate attacks when we are stuck with Error Based SQL Injections. Before diving in, let’s quickly grasp the basics of Error-based SQLi. | 1473 |
| Exploiting second-order blind SQL injection | Recently HackerOne organized an online CTF called 12 days of hacky holiday CTF. There was a total of 12 flags to be captured and for each flag, HackerOne gave a private program invitation on their platform. | 1364 |
| Website Penetration Testing and Database Hacking with Sqlmap | Hey Folks, in this tutorial we are going to demonstrate database hacking through one of the most valuable tool called is “sqlmap“. | 1314 |
| Union SQLi Challenges (Zixem Write-up) | I’ve always avoided learning more about SQL Injections, since they’ve always seemed like quite a daunting part of Infosec. Because of this, I finally decided to put in some time to an SQLi-focused wargame in order to sharpen my skills a little. | 1440 |
| Identifying & Exploiting SQL Injections: Manual & Automated | In this article, we will start by Identifying the SQL Injection vulnerabilities & how to exploit the vulnerable application. Further, we will dive into the automated tool: Sqlmap, which will ease the attack escalation. | 1194 |
| SQL Injection Cheat Sheet | What is an SQL Injection Cheat Sheet? An SQL injection cheat sheet is a resource in which you can find detailed technical information about the many different variants of the SQL Injection vulnerability. | 4052 |
| Out-of-Band (OOB) SQL Injection | Out-of-Band (OOB) SQL Injection is not a new attack and the discussion is started a few years ago. Purpose of the write-up is sharing and summarize findings during research. For detailed discussion of the research may refers to paper which is published at Academia and Zenodo. | 831 |
| Understanding the full potential of sqlmap during bug bounty hunting | Swiss army knife for SQL Injection attacks, sqlmap was first developed in 2006 by Daniele Bellucci and later maintained by Bernardo Damele and Miroslav Stampar. | 1733 |
| SQL injection to RCE | In the next lines I will expose a case that I experimented in a customer penetration testing days ago, in my opinion was interest how I needed concatenate a few factors to get the RCE. For obvious reasons, some customer data will be anonymized. | 673 |
| SQL injection cheat sheet | This SQL injection cheat sheet contains examples of useful syntax that you can use to perform a variety of tasks that often arise when performing SQL injection attacks. You can concatenate together multiple strings to make a single string. | 526 |
| Making a Blind SQL Injection a Little Less Blind | Someone told me the other day that “no-one does SQL Injection by hand any more”. I want to tell you about a SQL Injection bug that I found and exploited manually. Disclaimer: for the most part, I’m going to take you down the ‘happy path’ here. | 2128 |
| Comprehensive Guide to Sqlmap (Target Options) | Hello everyone. This article will focus on a category of sqlmap commands called the “target commands.” Many might not have tried these commands but they can be proved very useful in corporate world. | 143 |
| SQL Injection 101: Common Defense Methods Hackers Should Be Aware Of | Database technology has vastly improved the way we handle vast amounts of data, and almost every modern application utilizes it in one way or another. But the widespread use of databases naturally invites a slew of vulnerabilities and attacks to occur. | 1195 |
| Barebones Application Security — SQL Injection (SQLi) | We’re roughly halfway through this series on basic security steps for Startups to take. After introducing the series, we covered Cross Site Scripting (XSS) and then Cross Site Request Forgery (CSRF). | 866 |
| Welcome to the NetSPI SQL Injection Wiki! | This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems (DBMS). | 120 |
| BSQLinjector – Blind SQL Injection Tool Download in Ruby | BSQLinjector is an easy to use Blind SQL Injection tool in Ruby, that uses blind methods to retrieve data from SQL databases. The download is below. The author recommends using the “--test” switch to clearly see how configured payload looks like before sending it to an application. | 141 |
| SQL Attack (Constraint-based) | It is good to know that nowadays, developers have started paying attention to security while building websites. Almost everyone is aware of SQL Injection. | 712 |
| Full MSSQL Injection PWNage | Full MSSQL Injection PWNage, 28 January 2009 | 8810 |