Collaborate Disseminate
I’ve recently had an interesting interview exercise I haven’t completed and it does puzzle me what kind of filter/protection they’ve used.
The vuln app is a PHP with simple MariaDB (5.5.56) back-end, where name FORM is vulner… Continue reading SQL Injection bypass UNION filter/restriciton
I ran across an opportunity for SQL injection the other day in some legacy code …
// input: email@email.com”
$email = $_POST[’email’];
mysql_query(‘SELECT * FROM users WHERE email = “‘.$email.'” ‘);
// output: you have a… Continue reading mysql_query | Why " breaks query but ‘ does not?
I installed Oxid eShop CE 6.0.2 on my local webserver to analyze the last SQL-injection vulnerability in this webapp.
I found out that it is possible to inject SQL via the sorting parameter (GET). So with the following URL, … Continue reading Exploiting SQL-Injection Vulnerability in Oxid eShop CE 6.0.2 with SQLMAP [on hold]
I ran across some legacy code that uses mysql_query($sql) or die(mysql_error())
Was curious and noticed that with a correctly placed ” in the email input … I am shown output from mysql_error() as a user.
You have an er… Continue reading Exploiting incorrectly escaped `mysql_query() or die(mysql_error())` to exfiltrate data?
SiteLock this week extended the reach of its tool for finding and removing malware from databases to include the open source MySQL database. Previously, the SMART Database only supported websites built using the WordPress framework. Now the company’s … Continue reading SiteLock Extends Database Security Reach to MySQL
I have a web application. The application needs to connect to the database to read/write information. The database can be accessed with username/password or certificate.
Is it possible, somehow, to encrypt all this communication so even t… Continue reading Can application connect to database without exposing password to anyone?
I’m currently enumerating a VM the results of which show me two open ports 22 and 3306 with SSH and mysql being the services running on them. However, when I further investigate 3306 with Metasploit or nmap using the various … Continue reading nmap and service detection
is it possible that someone can hack a website if they have a database name, database username, and database password? if yes, how they do it?
database connection is mysql.
Continue reading hack a website using database username and password
I know you need prepared statements and such to avoid SQL injection, and I’ve seen that there are different questions about exploits for SELECT, INSERT, UPDATE injectable queries.
But I couldn’t come up with an exploit sampl… Continue reading Mysql injection with a single `USE` statement
This is the query:
$mysqli->query(“UPDATE `users` SET `user_age` = ‘$my_age’, `user_sex` = ‘$my_gender’, `user_description` = ‘$my_description’
, `user_sound` = $my_sound, `country` = ‘$my_country’, `region` =… Continue reading Why exactly is this MySQL query vulnerable to SQL injections?