Low code, high stakes: Addressing SQL injection

Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technol… Continue reading Low code, high stakes: Addressing SQL injection

QR code SQL injection and other vulnerabilities in a popular biometric terminal

The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it. Continue reading QR code SQL injection and other vulnerabilities in a popular biometric terminal

Is Homomorphic SQL Query Encryption a good idea – and should I use It?

My web app still needs a lot of work on it in the security department, so I’m considering implementing homomorphic encryption for my SQL database- to help protect from the outcomes of SQLi.
I know the basic principles of how homomorphic en… Continue reading Is Homomorphic SQL Query Encryption a good idea – and should I use It?

Is my wesbite stil vulnerable if sqlmap cannot retrieve the database names but CAN successfully inject?

I am (basically) pen-testing my own website, and I do have a new WAF, but have temporarily taken it down in a safe, testing environment (the one on my actual site is still up.)
This is the same site that was receiving an enormous amount of… Continue reading Is my wesbite stil vulnerable if sqlmap cannot retrieve the database names but CAN successfully inject?

Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?

I recently found a boolean-based blind SQLi and since I’m new to the bug bounty scene – I don’t understand what impact I can extract from it.
There is a website like example.com/tarif?tableId=136&dbsource=gkcp&nf=undefined. The vul… Continue reading Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?

Can I provide database names and tables to sqlmap to check if it is true or false? [closed]

Is there any way I can run sqlmap tool to test whether the database names I already have are true or false?
I made some mistakes while testing on one target. The target is time-based blind injection vulnerable. I ran sqlmap tool with –dum… Continue reading Can I provide database names and tables to sqlmap to check if it is true or false? [closed]