Tags » Sqli

Prevent SQL Injection with SQL Builders Like jOOQ

As long as we allow ourselves to write string-based dynamic SQL embedded in other programming languages like Java, we will have a certain risk of being vulnerable to SQL injection.


Fun with SQLite Load_Extension

What is load_extension?

This interface loads an SQLite extension library from the named file.

    /* Declaration as documented in the SQLite C API; the excerpt on this page
       was cut off after zProc, so the fourth parameter is restored from the
       official sqlite3.h prototype. */
    int sqlite3_load_extension(
        sqlite3 *db,          /* Load the extension into this database connection */
        const char *zFile,    /* Name of the shared library containing extension */
        const char *zProc,    /* Entry point. Derived from zFile if 0 */
        char **pzErrMsg       /* Put error message here if not 0 */
    );

Security Challenges

a.k.a. “How the sausage gets made”

Cyber security is being widely accepted by companies around the world as a means of defending their precious data, and those companies try to find the best cyber security experts on the market.


TheDefaced publishes remote SQLi in IDS OSSEC

These become a larger issue when the vulnerability I’ve found requires you to have access to the agent at a level where you can modify the configuration file. I consider what I’ve found to be slightly more severe in larger environments because, depending on the configuration of the server system, it could allow a full-scale breach instead of a single agent being compromised.


SQL Injection (GET/Search).

Welcome to my first bWAPP tutorial. In this tutorial I will be explaining some of the basic risks of SQL injection (over a GET search request) and how it can be exploited.

BWAPP Tutorials

Debunking the mysql_real_escape_string myth

a.k.a. “My queries are secure because I use mysql_real_escape_string to sanitize inputs”

From the PHP manual:

    string mysqli_real_escape_string ( mysqli $link , string $escapestr )