Tags » Sqli

So You Think You're Smart, Huh?

A recent post by Rob Graham can be found at http://blog.erratasec.com/2016/02/hackers-arent-smart-people-are-stupid.html. Some may be offended by it and I can see why. But I’m in part posting this to admit to suffering from said stupidity this week … and to provide some (I think) smart advice, both specific and general, AppSec and life related.

Sequels are the Worst 1: 80 points

Problem: Log in as admin on this website.

Suggested Reading:

SQL Tutorial
SQL Injection
Boolean Algebra – Basic Operations


SQL injections are quite common in CTFs, and that should not be surprising as they are one of the top attack vectors year after year.

Sql Injection

Finding tables and columns in Sqlite

On a recent capture-the-flag event, I came across a web app that had a somewhat troublesome SQL injection vulnerability. Identifying that the query was vulnerable was easy enough, but fingerprinting the underlying database was troublesome.

Introduction to SQL Injection in MySQL and ways of protection


A False Sense of Security, or how Database Developers can save £35 million

Deb’s been recovering from an operation recently. During her convalescence, I have been designated as her nurse and carer.
Careful planning was required prior to the op.


SQLi - Lev 2 (Moderate)

Let's take a look at another SQL Injection technique, one that is more advanced and with which we are going to trick the database at the server side to reflect back the fields in the database to us – the attacker.