Collaborate Disseminate
The Setup: Im building an app to model visually world data. A significant part of this project will be the database since that data is what is interesting. I should only need to allow SELECT queries, and perhaps eventually … Continue reading How safe is it to open source access to MySQL database on github, only permitting SELECT query?
I have a table with lots of user info – email, password and others. The server performs this query without using prepared statements:
SELECT * FROM login where email = ‘$_POST’;
I want to do an SQL injection with the post … Continue reading SQL injection using union statement
Im building a REST api for an ios application!
Would it be a good idea to send the user id (primary autoincrementing token in my mySQL database) of an account when authenticating with user token? (Happens on each get/post)
I thought it m… Continue reading Should I send the user ID of the user trying to authenticate in a HTTP header when using access token?
I have the problem that someone / someone is trying to connect to my database without a user / password. Port forwarding on 3306 is not active.
My SQL error log:
2019-02-06T15:32:32.888533+01:00 11141 [Note] Access denied fo… Continue reading mysql login failture
Is there a way of getting the column names of a table by brute force blind SQL injection in MySQL.
so the query would be:
select column_name from information_schema.columns WHERE table_name = ‘tablename’ and *column names f… Continue reading Getting the column names of a table by brute force blind SQL injection
I have tried the following tamper scripts in sqlmap but the connection is still getting dropped by the WAF: tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,c… Continue reading tamper scripts for bypassing waf sqlmap
I’ve been learning different attack vectors using applications such as bWapp and others to further my practice and knowledge of cybersecurity.
I’ve stumbled across a problem in one of them. If Order By is not usable in erro… Continue reading SQL Injection ORDER By not working MySQL Error Based
Is it possible to search for tables which contain a specific value and dump those tables e.g search all tables that have the name ‘john’ in them somewhere.
something like:
sqlmap.py -u “https://www.website.com/index.php?id=… Continue reading search for tables containing specific values in sqlmap [on hold]
Most database breaches are blamed on insiders such as employees who are either malicious or whose security has been compromised. In fact, most of these breaches are actually caused by poor security configuration and privilege abuse. Every new database … Continue reading Seven Must-Dos to Secure MySQL 8.0
A flaw in MySQL could allow rogue servers to steal files, a state agency exposes 3TB of data including FBI info, how cybercriminals clean their dirty money, a critical RCE flaw in Linux APT allows remote attackers to hack systems, and how to protec… Continue reading LinkedIn, MySQL, & Cyber Attacks – Hack Naked News #204