Collaborate Disseminate
Is there any way to instruct sqlmap to perform normal injections without escaping and commenting? For example, it’s confirmed that id=1111+or+(INJECTION_HERE)=1–+ is valid, so can I instruct sqlmap to use that as an injection point and e… Continue reading RAW SQL Injection
My website is being hacked for the last 2 days. I’m an amateur who built it back in 2007ish and it still has some poor code. Was a hobby project that suddenly became very popular and lived to this day fluorishingly despite php5 and no prep… Continue reading Big old project getting hacked
My website is being hacked for the last 2 days. I’m an amateur who built it back in 2007ish and it still has some poor code. Was a hobby project that suddenly became very popular and lived to this day fluorishingly despite php5 and no prep… Continue reading Big old project getting hacked
My website is being hacked for the last 2 days. I’m an amateur who built it back in 2007ish and it still has some poor code. Was a hobby project that suddenly became very popular and lived to this day fluorishingly despite php5 and no prep… Continue reading Big old project getting hacked
I have manually confirmed an SQLi authentication bypass in a user login portal. The payload itself is quite simple. Can this vulnerability be used to do anything else such as enumerate users or inject a web shell?
Continue reading Can you exploit an SQLi authentication bypass for anything else?
It’s on codeigniter, and it shows this error. Can anybody help me to show the database name with this vulnerability?
Continue reading SQL injection like operator Codeigniter [closed]
I am learning Blind SQLi with Port Swigger Academy but I am stuck on this lab: https://portswigger.net/web-security/sql-injection/blind/lab-conditional-responses.
In this lab I have to get the user ‘administrator’ password from the table: … Continue reading Blind SQLi – guessing column name
I want to use sqlmap to find SQL injection vulnerabilities.
The problem that I am currently facing is that I need to encode the body of the Request to hex, otherwise the request won’t work.
My request is as follows(I will only post the ess… Continue reading Sqlmap – Post Request with encoded json body
I’m trying to get the hang of SQLi and XSS, and I am starting to get the hang of it.
However: in my lab I made this:
ignore’"; UPDATE users SET name=<script>alert(‘Malicious activity’)</script> WHERE name="John";… Continue reading Is this SQLi or XSS? (or both/neither)
In a web mvc application I have the user login and then he is navigated to a View which presents some data fetched from the database based on a unique Id of the user. He can continue to other views to get more details etc.
After authentica… Continue reading Altering requests after authenticating