Tags » Sqli

Security Challenges

a.k.a. “How the sausage gets made”

Cyber security is being widely accepted by companies around the world as a means of defending their precious data, and they try to find the best cyber security experts on the market.


TheDefaced publishes remote SQLi in IDS OSSEC

These become a larger issue when the vulnerability I’ve found requires you to have access to the agent at a level where you can modify the configuration file. I consider what I’ve found to be slightly more severe in larger environments because, depending on the configuration of the server system, it could allow a full-scale breach instead of a single agent being compromised.


SQL Injection (GET/Search).

Welcome to my first bWAPP tutorial. In this tutorial I will be explaining some of the basic risks of SQL injections (over a GET search request) and how they can be exploited.

BWAPP Tutorials

Debunking the mysql_real_escape_string myth

a.k.a. “My queries are secure because I use mysql_real_escape_string to sanitize inputs”

From PHP manual:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )


Numeric SQL Injection: WebGoat

At some point you will need to attack the vast world of Command Injection. SQL Injection is a massive subject with some very interesting methods for obtaining information.

Web App Testing


The World Wide Web, abbreviated as WWW, is a global information medium of interlinked hypertext documents accessed via the Internet. In a web browser a user can easily search the content by simply filling in a form.


Summary of OWASP 10 Attack

A1 Injection

Injection flaws like SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query.

A2 Broken Authentication and Session Management…