Abishek Kafle · devops.abisec.xyz · Oct 19, 2024
Mapping LLM API attack surface
Introduction: Organizations are quickly integrating Large Language Models (LLMs) to enhance their online customer experience. However, this exposes them to web LLM attacks, which exploit the model's access to data, APIs, or user information that an at...
Infosec · llm

Ohekpeje Joel Odey · joelodey.hashnode.dev · Apr 8, 2024
Lab: SQL injection attack, listing the database contents on non-Oracle databases
In this educational guide, we will explore the practical application of Burp Suite to identify and exploit SQL injection vulnerabilities, highlighting the importance of robust security practices. Step 1: Intercepting and Modifying Requests with Burp ...
7 likes
PortSwigger SQL injection (SQLi) Labs · #sqlinjection

Ohekpeje Joel Odey · joelodey.hashnode.dev · Apr 1, 2024
Lab: SQL injection UNION attack, retrieving data from other tables
In this educational guide, we will walk through the process of using Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to unveil potential SQL injection vulnerabilities, understand the database str...
9 likes · 31 reads
PortSwigger SQL injection (SQLi) Labs · SQLi

bo8 · bo8.hashnode.dev · Mar 28, 2024
CVE-2024-24813: A SQL Injection Variant in Frappe Framework
I found CVE-2024-24813 on a rather interesting occasion. Now that the vendor has finished patching it, I am writing this blog post to share how I found it. That morning, I was sitting down to review code again in preparation for a 1-day analysis training session with some...
1 like · 2.8K reads
SQLi

Ohekpeje Joel Odey · joelodey.hashnode.dev · Mar 18, 2024
Lab: SQL injection UNION attack, determining the number of columns returned by the query
SQL injection is a serious security risk for web applications, and Burp Suite can be used to identify and address these vulnerabilities. This guide shows how to use Burp Suite to intercept and modify requests, specifically focusing on the product cat...
7 likes
PortSwigger SQL injection (SQLi) Labs · portswigger

Ohekpeje Joel Odey · joelodey.hashnode.dev · Mar 5, 2024
Lab: SQL injection UNION attack, finding a column containing text
In this lab, our goal is to determine the number of columns returned by the query, offering a valuable insight into potential SQL injection vulnerabilities. Step 1: Intercepting and Modifying Requests with Burp Suite Burp Suite, a versatile web appli...
PortSwigger SQL injection (SQLi) Labs · Burpsuite

Ohekpeje Joel Odey · joelodey.hashnode.dev · Feb 26, 2024
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Lab Scenario: Our objective is to understand and exploit a SQL injection vulnerability in the WHERE clause of a web application's stock check feature. By carefully probing and bypassing security measures, we aim to retrieve hidden data and ultimately...
1 like · 35 reads
PortSwigger SQL injection (SQLi) Labs · #sqlinjection

Ohekpeje Joel Odey · joelodey.hashnode.dev · Feb 19, 2024
Lab: SQL injection attack, listing the database contents on Oracle
This article aims to provide an educational walkthrough using Burp Suite to identify and exploit SQL injection vulnerabilities, emphasizing the significance of proactive security measures. Step 1: Intercepting and Modifying Requests with Burp Suite B...
11 likes · 28 reads
SQLi

Ohekpeje Joel Odey · joelodey.hashnode.dev · Feb 12, 2024
Lab: SQL injection UNION attack, retrieving multiple values in a single column
In this educational guide, we will delve into the process of leveraging Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to uncover potential SQL injection vulnerabilities, understand the database...
PortSwigger SQL injection (SQLi) Labs · SQLi

Ohekpeje Joel Odey · joelodey.hashnode.dev · Feb 5, 2024
Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
We will explore the practical application of Burp Suite to identify and exploit SQL injection vulnerabilities, shedding light on potential risks and the importance of secure coding practices. Step 1: Understanding the Basics SQL injection occurs when...
30 reads
PortSwigger SQL injection (SQLi) Labs · SQLi