Tags » Sqli

Sqlcutie 1.6 updates

SQLcutie is a SQL/DB vulnerability (vuln) finder using a search engine dorking technique. The goal is to slowly transition the dorker to an actual vuln finder. The current version is still focused on finding exploitable bugs. 107 more words

Union-Based SQL Injection

Introduction:

Union-based SQL injection is one of many injection techniques. This one is different from the first example, as we enter our SQL code into the URL instead of a text on the login page. 817 more words

Sqli

SQL Injection: Google Dorks

Introduction:

Today I’d like to introduce you to Google dorks. These are basically advanced search functions that we can call in Google to look for sites with certain parameters. 362 more words

Sqli

SQL Injection: Do you know the law?

Introduction:

Ethical hacking and defense is an exciting skill set to learn about, and it is very easy to get carried away. When you learn a new exploitation technique, many people want to go and try it on every site they can find. 768 more words

Sqli

Belated Codegate 2014 Quals Writeups and Lessons Learned

The local challenges can be grabbed from here and various other writeups are online. I was off on the timing for this one, so I only dove into most of the challenges on Sunday morning… right before Codegate ended and after it ended. 5,039 more words

Reverse Engineering

SQL Injection: Parameterized Queries

Introduction:

In my last blog post, I showed you a simple example of a SQLi vulnerability. We gained access to a login page and were verified as an authenticated user even though we didn’t know the correct login or password. 632 more words

Sqli

SQL Injection: An Overview

Introduction

SQL injection is essentially the injection of some user’s code (mostly unauthorized and malicious) into some kind of data-driven website or application. Purposes range from data acquisition to data destruction. 1,007 more words

Sqli