Collaborate Disseminate
Is this a safe way to filter strings into an SQL query in java or could this be bypassed? I understand that I should just parameterize everything but this is an ancient code base where it makes more sense to do it myself.
public st… Continue reading It this a safe way to filter input into an SQL query
I am practicing on some vulnerable application, and I am asked to find an injection vulnerability with a payload. it states there is a common and simple filter in place. Then I need to extract the flag value from the chlns ta… Continue reading Is this SQLMap query is correct?
I found a Django app running on http://test.com that is running on debug mode. After trying some wrong paths I got with the django error screen showing the stacktrace and the credentials used to access the DB.
But this DB is … Continue reading Is there a way to access the local DB from external webapp?
I’m on a website which have a program, there is a search input for keywords.
When I input & or < or > and search, it returns Got error ’empty (sub)expression’ from regexp error and when I input $ or ^ or .* I get all keywords at… Continue reading Is SQL Injection possible in this case (REGEXP)?
in sql injection attack is possible update dump value using sqlmap or sql-shell ? for example update username value. if yes, what is the order ?
Continue reading in sql injection attack is possible update dump value using sqlmap or sql-shell?
I want to make a client-side, Windows-based application that allows the user to register and it will store the registration details in an online MySQL server.
However when i googled ways to do this, I found that to establish… Continue reading Risk of getting MySQL database compromised with a client application
I’ve a php code where I get the page number from a GET request and then run a sql query to select records from the database by the page number
$maxPerPage = 20;
$page = $_GET[“p”];
$applicants = DB::query(‘SELECT * FROM re… Continue reading How can this sql query be injected?
We currently have a hacker who is asking for a bounty before they will tell where a vulnerability is in our project that uses SQL. He sent us accurate screenshots of his successful attacks by showing the database architecture… Continue reading How to find and monitor a SQL vulnerability in a web project? [on hold]
I am trying to pentest my friend’s site. It is clearly vulnerable to SQL injection attack based on the error messages I get from entering different get parameters.
Whenever I try very simple attacks containing SQL commands s… Continue reading Server returns 403 when I try SQL injection
A recent employment test prompted me to perform an SQL injection to gain access into their website.
Using manual and automated (Burp) methods, I was able to find out the form is definitely vulnerable to SQL Injection attacks, but every ti… Continue reading How do you perform SQL injection on a login form that checks for email address format?