Tags » Sqli

SQL Injection (GET/Search).

Welcome to my first bWAPP tutorial. In this tutorial I will explain some of the basic risks of SQL injection (over a GET search request) and how it can be exploited.

BWAPP Tutorials

Debunking the mysql_real_escape_string myth

Bypassing an overconfident query (a.k.a. “My query is secure because I use mysql_real_escape_string to sanitize inputs”)

From the PHP manual:
string mysqli_real_escape_string ( mysqli $link , string $escapestr )

Numeric SQL Injection: WebGoat

At some point you will need to attack the vast world of Command Injection. SQL Injection is a massive subject with some very interesting methods for obtaining information.

Web App Testing

The World Wide Web, abbreviated as WWW, is a global information medium of interlinked hypertext documents accessed via the Internet. In a web browser a user can easily search the content by simply filling in a form.

Summary of OWASP 10 Attack

A1 Injection

Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query.

A2 Broken Authentication and Session Management…

So You Think You're Smart, Huh?

A recent post by Rob Graham can be found at http://blog.erratasec.com/2016/02/hackers-arent-smart-people-are-stupid.html. Some may be offended by it and I can see why. But I’m in part posting this to admit to suffering from said stupidity this week … and to provide some (I think) smart advice, both specific and general, AppSec and life related.

Sequels are the Worst 1: 80 points

Problem: Log in as admin on this website.

Suggested Reading:

SQL Tutorial
SQL Injection
Boolean Algebra – Basic Operations

SQL injections are quite common in CTFs, and that should not be surprising, as they are one of the top attack vectors year after year.