bo8bo8.hashnode.dev · 4 hours ago · 122 reads
CVE-2024-24813: A SQL Injection Variant in Frappe Framework
I found CVE-2024-24813 on a rather interesting occasion. Now that the vendor has finished patching it, I am writing this blog post to share how I found it. That morning, I was reviewing code to prepare for a 1-day analysis training session with some...
SQLi

Joel O. · joelodey.hashnode.dev · Mar 18, 2024
Lab: SQL injection UNION attack, determining the number of columns returned by the query
SQL injection is a serious security risk for web applications, and Burp Suite can be used to identify and address these vulnerabilities. This guide shows how to use Burp Suite to intercept and modify requests, specifically focusing on the product cat...
PortSwigger SQL injection (SQLi) Labs · portswigger

Joel O. · joelodey.hashnode.dev · Mar 5, 2024
Lab: SQL injection UNION attack, finding a column containing text
In this lab, our goal is to determine the number of columns returned by the query, offering a valuable insight into potential SQL injection vulnerabilities. Step 1: Intercepting and Modifying Requests with Burp Suite Burp Suite, a versatile web appli...
PortSwigger SQL injection (SQLi) Labs · Burpsuite

Joel O. · joelodey.hashnode.dev · Feb 26, 2024 · 1 like
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Lab Scenario: Our objective is to understand and exploit a SQL injection vulnerability in the WHERE clause of a web application's stock check feature. By carefully probing and bypassing security measures, we aim to retrieve hidden data and ultimately...
PortSwigger SQL injection (SQLi) Labs · #sqlinjection

Joel O. · joelodey.hashnode.dev · Feb 19, 2024 · 1 like
Lab: SQL injection attack, listing the database contents on Oracle
This article aims to provide an educational walkthrough using Burp Suite to identify and exploit SQL injection vulnerabilities, emphasizing the significance of proactive security measures. Step 1: Intercepting and Modifying Requests with Burp Suite B...
SQLi

Joel O. · joelodey.hashnode.dev · Feb 12, 2024
Lab: SQL injection UNION attack, retrieving multiple values in a single column
In this educational guide, we will delve into the process of leveraging Burp Suite to intercept and modify requests, focusing on the product category filter. Our objective is to uncover potential SQL injection vulnerabilities, understand the database...
PortSwigger SQL injection (SQLi) Labs · SQLi

Joel O. · joelodey.hashnode.dev · Feb 5, 2024
Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
We will explore the practical application of Burp Suite to identify and exploit SQL injection vulnerabilities, shedding light on potential risks and the importance of secure coding practices. Step 1: Understanding the Basics SQL injection occurs when...
PortSwigger SQL injection (SQLi) Labs · SQLi

Joel O. · joelodey.hashnode.dev · Jan 23, 2024 · 10 likes
Lab: SQL injection with filter bypass via XML encoding
Lab Scenario: Our mission is to explore and exploit a web application's SQL injection vulnerability while overcoming a Web Application Firewall (WAF) by leveraging XML encoding. By manipulating the XML-formatted requests, we intend to bypass security...
PortSwigger SQL injection (SQLi) Labs · Burpsuite

Stackzero · stackzero.hashnode.dev · Jul 27, 2023 · 44 reads
Hack With SQL Injection Attacks! DVWA medium security
What is the best way to learn SQL injection? This is a very practical article that, if you have the patience to read until the end, will teach you how to write an automated SQL injection exploit in Python for DVWA. We also see how to turn around the e...
#sqlinjection

Shay Randredmethod.hashnode.dev · Jan 9, 2023 · 632 reads
How to Discover SQL Injections
The process of finding SQL injection vulnerabilities involves identifying user data entry, tampering with the data sent to the application, and identifying changes in the results returned by the server. You have to keep in mind that tampering with th...
SQLi