H. Valters
Ethical Penetration tester / DevSecOps / IT Solution Developer / System administrator
Category Archives: SQL injection
Examining the database in SQL injection attacks
When exploiting SQL injection vulnerabilities, it is often necessary to gather some information about the database itself. This includes the type and version of the database software and the contents of the database in terms of which tables and columns it contains. Querying the database type and version Different databases provide different ways of querying their version….
Blind SQL injection
In this section, we’ll describe what blind SQL injection is, explain various techniques for finding and exploiting blind SQL injection vulnerabilities. What is blind SQL injection? Blind SQL injection arises when an application is vulnerable to SQL injection, but its HTTP responses do not contain the results of the relevant SQL query or the details…
SQL injection cheat sheet
This SQL injection cheat sheet contains examples of the useful syntax that you can use to perform a variety of tasks that often arise when performing SQL injection attacks. String concatenation You can concatenate together multiple strings to make a single string. Oracle ‘foo’||’bar’ Microsoft ‘foo’+’bar’ PostgreSQL ‘foo’||’bar’ MySQL ‘foo’ ‘bar’ [Note the space between the two strings]CONCAT(‘foo’,’bar’)…
SQL injection UNION attacks
When an application is vulnerable to SQL injection and the results of the query are returned within the application’s responses, the UNION keyword can be used to retrieve data from other tables within the database. This results in an SQL injection UNION attack. The UNION keyword lets you execute one or more additional SELECT queries and append the results to the…
SQL injection
In this section, we’ll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection. What is SQL injection (SQLi)? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an…