Collaborate Disseminate
I was able to find an article that mentions that SQL injection can be done to SQL code in the following scenarios where stored procedures are involved:
EXEC statements
Dynamic Cursors
Assuming SQLi isn’t directly possible… Continue reading Can native SQL code be vulnerable? To what?
On my Linux system, I always use a configuration file to log in to MySQL servers without having to enter my password every time. These files includes the username and password.
I have to encrypt this configuration file for s… Continue reading Using encrypted config file for MySQL?
I have discovered the credentials of a website database.
I’ve tried to access the database from SQLMap (which claims that you can access the SQL database from external sources)
but in the meantime, I got 1045 error due to a… Continue reading Bypassing IP Restriction or finding accepted IPs for SQL Database
I’m running OTRS on a CentOS server and the MySQL DB is running on a remote server, on CentOS as well. OTRS does not support an encrypted connection with MySQL hence the connection is not encrypted. I would like to use stunne… Continue reading encrypt with stunnel
Is it possible to insert data into a table using SQL Injection, more specifically Error Based via URL or login input fields? I’ve taken up an online challenge. So far I’ve been able to view the database tables, columns etc. b… Continue reading Error Based SQL Injection
I am not sure if there is a good way to do this. Currently I have a website that users log into. In that website there is pages that have API calls to another service, this service uses:
Authorization: BASIC username:pass… Continue reading Store basic oAuth for a session on a website
I’m studying infosec, starting to make my way through some of the online wargames out there. Have recently been working on Natas by OverTheWire (http://overthewire.org/wargames/natas/) and it’s been great fun so far. My quest… Continue reading Why did this particular input work for SQL injection?
I’m studying infosec, starting to make my way through some of the online wargames out there. Have recently been working on Natas by OverTheWire (http://overthewire.org/wargames/natas/) and it’s been great fun so far. My quest… Continue reading Why did this particular input work for SQL injection?
We have received an email from a so called “security researcher” who apparently gained access to our databases. He attached a screenshot listing all of our online databases. Now, what I know for sure is that SQL injection is … Continue reading What layers can be penetrated to obtain MySQL root access?
Let me prefix my question with some information on our environment. We have a web server with 100+ websites. The web server has a corresponding MySQL Server version 5.7. Each PHP website has MySQL Database with a MySQL User a… Continue reading Are there potentential risks to allowing a PHP website MySQL User to have Create, Alter, and Drop Permissions