MySQL – Page 22 – WindowsTechs.com

SQL injection authentication bypass

Posted on May 9, 2019 by Cash-

I am testing a SQLi login bypass on the PHP code below:

if(isset($_POST[“login”]) && isset($_POST[“password”])) {
$sql=”select * from users where login='{$_POST[“login”]}’ and password='{$_POST[“password”]}'”;
… Continue reading SQL injection authentication bypass→

Mysql Databases got erased on Ubuntu [on hold]

Posted on May 8, 2019 by MohammedSimba

This morning i found our mysql 5.5 databases are cleared suddenly and only one table at each database created called “warning”

I checked apache logs, ssh logs and mysql logs, didn’t find anything suspicious

How can i trace … Continue reading Mysql Databases got erased on Ubuntu [on hold]→

SQL injection for Capture the Flag

Posted on April 20, 2019 by Mislav Novalić

So I am in CTF and I need to bypass login form.

I only got this message so far:

Traceback (most recent call last):
File “./main.py”, line 145, in do_login
if cur.execute(‘SELECT password FROM admins WHERE username=\’%… Continue reading SQL injection for Capture the Flag→

Does choice of DBMS matter for protection against XSS and other injection attacks?

Posted on April 20, 2019 by Praveen David Mathew

I am choosing between the three most used databases, MySQL, Microsoft SQL Server and MongoDB. I have to choose the most secure database from these three.

Does my choice of DBMS has a role in protecting against XSS attacks a… Continue reading Does choice of DBMS matter for protection against XSS and other injection attacks?→

What MySQL information should be kept secret?

Posted on April 15, 2019 by user276833

I’m writing an open-source program interfacing with a protected MySQL server. I’d like to keep the development environment as close to the production environment as possible. Variables that must be kept secure are passed in v… Continue reading What MySQL information should be kept secret?→

mysql python connector error [on hold]

Posted on April 6, 2019 by rakshit ks

mysql.connector.errors.InterfaceError: 2003: Can’t connect to MySQL server on ‘127.0.0.1:3306’ (10061 No connection could be made because the target machine actively refused it

I TRIED ALL THE SOLUTION FORM STACKOVERFLOW TO … Continue reading mysql python connector error [on hold]→

Security risks of Read-only MySQL Database access behind firewall

Posted on April 3, 2019 by userawhdoahoohaodhoawd

Are there any obvious security risks to providing a none IT Staff member read-only Database access (through MySQL Workbench) to a Wordpress Database, if this is behind a firewall/VPN?

Continue reading Security risks of Read-only MySQL Database access behind firewall→

Connect to amazon rds SQL server through spoofed ip address [duplicate]

Posted on April 3, 2019 by Boudjemaa Saadi

This question already has an answer here:

Is it possible to pass TCP handshake with spoofed IP address?

4 answers

I’m usi… Continue reading Connect to amazon rds SQL server through spoofed ip address [duplicate]→

Bypass filters with Blind SQL injection [on hold]

Posted on April 2, 2019 by zorgos

I’m working on an internal audit and I found a blind SQL injection.
The login field appears to be injectable but only these characters are allowed:

!#$&'()*./<>@{}[]\^_|~1234567890

I know I can use SQLmap with t… Continue reading Bypass filters with Blind SQL injection [on hold]→

Best way to know the algorithm used for a password encryption

Posted on March 17, 2019 by Abdul Rahman

I have the following password captured using sqlmap-

$2a$08$9eaKUtKdFV8fuOAx0sfr4emrG1aHzGeNsn/rVdW243nw6Ktt.Uc0O

Now, I don’t know how to decrypt this password because I don’t know which algorithm was used for its encry… Continue reading Best way to know the algorithm used for a password encryption→