Tags » Sqli

Prevent SQL Injection with SQL Builders Like jOOQ

As long as we allow ourselves to write string-based dynamic SQL embedded in other programming languages like Java, we will carry a certain risk of being vulnerable to SQL injection.

Java

Fun with SQLite Load_Extension

What is load_extension?

This interface loads an SQLite extension library from the named file.

```c
int sqlite3_load_extension(
  sqlite3 *db,          /* Load the extension into this database connection */
  const char *zFile,    /* Name of the shared library containing extension */
  const char *zProc,    /* Entry point. Derived from zFile if 0 */
  char **pzErrMsg       /* Put error message here if not 0 */
);
```
Reversing

Security Challenges

a.k.a. “How the sausage gets made”

Cyber security is being widely accepted by companies around the world as a means of defending their precious data, and they try to find the best cyber security experts on the market.

SQLi

TheDefaced publishes remote SQLi in IDS OSSEC

These become a larger issue when the vulnerability I’ve found requires you to have access to the agent at a level where you can modify the configuration file. I consider what I’ve found to be slightly more severe in larger environments because, depending on the configuration of the server system, it could allow a full-scale breach instead of a single agent being compromised.

Research

SQL Injection (GET/Search).

Welcome to my first bWAPP tutorial. In this tutorial I will be explaining some of the basic risks of SQL injection (over a GET search request) and how it can be exploited.

BWAPP Tutorials

Debunking the mysql_real_escape_string myth

a.k.a. “My queries are secure because I use mysql_real_escape_string to sanitize inputs”

From the PHP manual:

```php
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
```

SQLi