Joel O. (joelodey.hashnode.dev) · Mar 25, 2024
Lab: SQL injection attack, querying the database type and version on Oracle
To exploit SQL injection, it's crucial to understand the structure of the database query. Use a payload to determine the number of columns returned by the query and identify columns containing text data. For instance, inject the following payload int...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: #sqlinjection

Joel O. (joelodey.hashnode.dev) · Mar 18, 2024
Lab: SQL injection UNION attack, determining the number of columns returned by the query
SQL injection is a serious security risk for web applications, and Burp Suite can be used to identify and address these vulnerabilities. This guide shows how to use Burp Suite to intercept and modify requests, specifically focusing on the product cat...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: portswigger

Kaustubh Rai for BreachForce (breachforce.net) · Mar 9, 2024
Streamlining Security Assessments with BChecks
All of us - security professionals - use Burp Suite every day, whether as red teamers or blue teamers. With our experience in the industry, we've encountered scenarios where we'd like to remember specific test cases for particular categories. We ofte...
Tag: bchecks

Joel O. (joelodey.hashnode.dev) · Mar 5, 2024
Lab: SQL injection UNION attack, finding a column containing text
In this lab, our goal is to determine the number of columns returned by the query, offering a valuable insight into potential SQL injection vulnerabilities. Step 1: Intercepting and Modifying Requests with Burp Suite. Burp Suite, a versatile web appli...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: Burpsuite

Joel O. (joelodey.hashnode.dev) · Feb 26, 2024
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Lab Scenario: Our objective is to understand and exploit a SQL injection vulnerability in the WHERE clause of a web application's stock check feature. By carefully probing and bypassing security measures, we aim to retrieve hidden data and ultimately...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: #sqlinjection

Joel O. (joelodey.hashnode.dev) · Feb 19, 2024
Lab: SQL injection attack, listing the database contents on Oracle
This article aims to provide an educational walkthrough using Burp Suite to identify and exploit SQL injection vulnerabilities, emphasizing the significance of proactive security measures. Step 1: Intercepting and Modifying Requests with Burp Suite. B...
Tag: SQLi

Joel O. (joelodey.hashnode.dev) · Feb 12, 2024
Lab: SQL injection UNION attack, retrieving multiple values in a single column
In this educational guide, we will delve into the process of leveraging Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to uncover potential SQL injection vulnerabilities, understand the database...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: SQLi

Joel O. (joelodey.hashnode.dev) · Feb 5, 2024
Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
We will explore the practical application of Burp Suite to identify and exploit SQL injection vulnerabilities, shedding light on potential risks and the importance of secure coding practices. Step 1: Understanding the Basics. SQL injection occurs when...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: SQLi

Joel O. (joelodey.hashnode.dev) · Jan 29, 2024
Lab: Password reset poisoning via middleware
Lab Scenario: Our mission is to investigate and exploit the password reset functionality of a simulated web application, demonstrating the risks associated with insecure implementations. Let's navigate through the solution using Burp Suite: Explorin...
Series: PortSwigger Authentication Labs · Tag: websecurity

Joel O. (joelodey.hashnode.dev) · Jan 23, 2024
Lab: SQL injection with filter bypass via XML encoding
Lab Scenario: Our mission is to explore and exploit a web application's SQL injection vulnerability while overcoming a Web Application Firewall (WAF) by leveraging XML encoding. By manipulating the XML-formatted requests, we intend to bypass security...
Series: PortSwigger SQL injection (SQLi) Labs · Tag: Burpsuite