MySQL – WindowsTechs.com

if mysql server is not running, is it still possible somebody gain access to my database from outside LAN (hack my database without my consent?)

Posted on August 26, 2024 by John Z

I am using phpmyadmin running on xampp windows in a LAN environment. I want to find some ultimate secure solution for my database. So I am not running mysql (showing Stop in xampp control panel), is it still possible someone gain access to… Continue reading if mysql server is not running, is it still possible somebody gain access to my database from outside LAN (hack my database without my consent?)→

MySQL Injection with a incomplete database [closed]

Posted on July 3, 2024 by NightOwlOnCoffee

I have a database in which most or maybe even all columns are empty. Yet I have to gain access to the database via a user called Tom.
I found out that the table is called users and the query the server sends when logging in is:
SELECT user… Continue reading MySQL Injection with a incomplete database [closed]→

sqlmap –dump csv file output problem for Large database

Posted on May 15, 2024 by Solo

Is there any way to save half dumped output in csv file or in table format in sqlmap?
Look below image for better understanding. The target is boolean based blind injection vulnerable. For sure this injection takes hell of a time for large… Continue reading sqlmap –dump csv file output problem for Large database→

Can I provide database names and tables to sqlmap to check if it is true or false? [closed]

Posted on May 14, 2024 by Solo

Is there any way I can run sqlmap tool to test whether the database names I already have are true or false?
I made some mistakes while testing on one target. The target is time-based blind injection vulnerable. I ran sqlmap tool with –dum… Continue reading Can I provide database names and tables to sqlmap to check if it is true or false? [closed]→

sqlmap cannot detect a confirmed vulnerability

Posted on May 4, 2024 by Sohail Saha

I have a verified injection which looks like:
/page/(SELECT+SLEEP(10))
But sqlmap cannot detect it no matter what.
This is how I’m running sqlmap:
sqlmap -u ‘http://MY-SITE/page/*’ –level=5 –risk=3 –threads=10 –dbms=mysql –method=POST… Continue reading sqlmap cannot detect a confirmed vulnerability→

Getting around a WAF’s restrictions for SQLi

Posted on March 21, 2024 by ben39

I have this payload: AND SELECT SUBSTR(table_name,1,1) FROM information_schema.tables > ‘A’
but a WAF restricts table_name and information_schema keywords and gives a not acceptable message.
Is there is a way to get around this and retr… Continue reading Getting around a WAF’s restrictions for SQLi→

Conducting a proof-of-concept attack on an open MySQL port

Posted on February 14, 2024 by KhodeNima

I am not very experienced nor do I have acceptable knowledge, that is why I have signed up to work on a small project to gain some experience, where they don’t seem to care about security much.
After running a scan, I noticed that they hav… Continue reading Conducting a proof-of-concept attack on an open MySQL port→

Hackaday Links: January 28, 2024

Posted on January 29, 2024 by Dan Maloney

From the “No good deed goes unpunished” files, this week came news of a German programmer who probably wishes he had selected better clients. According to Heise Online (English translation), …read more Continue reading Hackaday Links: January 28, 2024→

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

Posted on January 18, 2024 by Zeljka Zorz

Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but those who pa… Continue reading Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot→

How can I pen test my .php website that I host on my local machine?

Posted on January 12, 2024 by can kaygısız

Pen testing my own .php website
Well, I’ve made some kind of forum type website where you can share posts comments and information. There is a login panel (/index.php) at first and it’s already secure enough to block users from entering &q… Continue reading How can I pen test my .php website that I host on my local machine?→