
SQL Injection (GET/Search).

Welcome to my first bWAPP tutorial. In this tutorial I will be explaining some of the basic risks of SQL injections (over a GET search request) and how they can be exploited.

BWAPP Tutorials

Debunking the mysql_real_escape_string myth

Bypassing an overconfident query (a.k.a. “My query is secure because I use mysql_real_escape_string to sanitize inputs”)

From PHP manual:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )

MySQL

Numeric SQL Injection: WebGoat

At some point you will need to attack the vast world of Command Injection. SQL Injection is a massive subject with some very interesting methods for obtaining information.

Web App Testing

STUDY OF DEEP WEB AND A NEW FORM BASED CRAWLING TECHNIQUE

The World Wide Web, abbreviated as WWW, is a global information medium of interlinked hypertext documents accessed via the Internet. In a web browser a user can easily search the content by simply filling in a form.

Iaeme

Summary of OWASP 10 Attack

A1 Injection

Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query.

A2 Broken Authentication and Session Management…

So You Think You're Smart, Huh?

A recent post by Rob Graham can be found at http://blog.erratasec.com/2016/02/hackers-arent-smart-people-are-stupid.html. Some may be offended by it and I can see why. But I’m in part posting this to admit to suffering from said stupidity this week … and to provide some (I think) smart advice, both specific and general, AppSec and life related.

Sequels are the Worst 1: 80 points

Problem: Log in as admin on this website.

Suggested Reading:

SQL Tutorial
SQL Injection
Boolean Algebra – Basic Operations

Introduction:

SQL injections are quite common in CTFs, and that should not be surprising as they are one of the top attack vectors year after year.

Web