Where should I put SQL Injection query?
Well, I know little about how SQL works, and the most common way to test is id=1' and the like, but my question is: where else can we enter our data to check for SQL vulnerability?
Assume I have dumped MySQL user list using
SELECT user, host, password, ssl_type FROM mysql.user;
The result looks like this:
+------------------+-----------+-------------------------------------------+----------+
| user … Continue reading Is password information dumped from the MySQL user table sensitive?
I found a challenge which was vulnerable to SQL injection, and it was very, very hard to find. So, how does this unique SQL work?
I found this on login form where when I send user=\&pass=||1# as a payload I got successf… Continue reading How this Unique SQL injection works?
What are the standard/most common SQL injection errors? I am trying to build a scanner for SQLi but I don’t know what to search for in the response after an SQLi to check if it worked.
I have a database in a dedicated server (CentOS 7) set up by an external provider. I see a disgusting amount of brute-force attempts in MySQL log file every day. I know the best option would be to not connect remotely (and clo… Continue reading Protect MySQL against brute-force attacks on dedicated CentOS 7 server
Redis’ default port is 6379 and MySQL’s default port is 3306. Let’s say we disable these ports to the outside world with ufw. And let’s say only I have access to the servers. Is there still a point to set up passwords for … Continue reading Is there a point to set up passwords for services like MySQL, Redis etc. if we disable their related ports?
I apologize if this is a dumb question.
I recently came across a website that embedded its error log out in a JSON response if the request to the website failed. In this case, it appeared there was a DB mismatch and it print… Continue reading How dangerous is disclosing a table’s structure to users?
Amazon recently announced that a serverless version of their Aurora MySQL database product is now generally available.
The post Amazon Announces Availability of Serverless Aurora MySQL appeared first on Petri.
Continue reading Amazon Announces Availability of Serverless Aurora MySQL
I tried to manually SQL inject using DIOS (Dump in One Shot):
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
But the WAF blocked information_schem… Continue reading How to bypass information_schema on SQL Injection?
Before you start suggesting how to encrypt and decrypt text in PHP: please, that is not my question.
In my platform, the user writes notes. Small notes. And I store them in a MySQL database using encryption. The encryption key is st… Continue reading Encryption of user written notes in php