Collaborate Disseminate
I see there are forums about this question, but everywhere, I fail to see the answer I am looking for.
I have a stored procedure which its purpose is to execute dynamic SQL statement.
It uses a cursor which makes it a single point where on… Continue reading T-SQL, string injection, REPLACE(@myVariable, ””, ”””) approach? Once and for all
We had a "pentest" done on our website – and received the following alert (xyz.com is a placeholder for the real name.
I queried this with the testers, and they say their automated tools found this… so they can’t help till we f… Continue reading SQL Lite Injection via CSS URL
The second of three major solar eclipses in a mere six-year period swept across the United States last week. We managed to catch the first one back in 2017, and …read more Continue reading Hackaday Links: October 22, 2023
My app has an input field that is used as a source for a HTML and PDF file.
I also store this input in my database.
My question is: Is it possible to somehow write something in the text field which would then give data away or even possibl… Continue reading Is there a possible attack on a MySQL database using an input window [closed]
This is my code in phpm I was wondering if there is a way to bypass sql protection, because everything is already blocked.
Is this secure?
$max = 10;
if (isset($_GET[‘max’]) && !is_array($_GET[‘max’]) && $_GET[‘max’]>0)… Continue reading Is sql injection possible here ? or I can consider this as safe? [closed]
I’ve come across a webpage that uses Iron cookies. These cookies have the exemplary format: Fe26.2**0cdd607945dd1dffb7da0b0bf5f1a7daa6218cbae14cac51dcbd91fb077aeb5b*aOZLCKLhCt0D5IU1qLTtYw*g0ilNDlQ3TsdFUqJCqAm9iL7Wa60H7eYcHL_5oP136TOJREkS3B… Continue reading How to ignore asterisk characters in sqlmap?
I’m hosting a simple MariaDB/mySQL server on my Raspberry Pi. I would like to know whether or not this code is secure enough to reject an injection attempt made by login/signup, etc.
function secureUnInject() {
const str = String(argumen… Continue reading What’s an example of a good uninjection in Node.js? (mySQL)
I’m trying to check whether or not an injectable parameter I found is actually exploitable in a bug bounty contest my college is holding. The code base is open source so I have access to the exact SQL queries being used.
The issue is this … Continue reading MySQLi On 3 Separate Queries At Once
admin’xor(if(now()=sysdate(),sleep(5),0)xor’z
I tried this payload on my local database and removed the x like this admin’or(if(now()=sysdate(),sleep(5),0)or’z’ and it works fine
Why do we added the x? Is it to bypass some defense mechanis… Continue reading What is the role of the character x in this sql injection?
Hello there is a API that I have but I need that file’s database can you help me?
Here is how the API works.
$apiUrl = "http://example.com/index.php?id=" . $id;
$curl = curl_init($apiUrl); curl_setopt($curl, CURLOPT_RETURNTRANSFE… Continue reading Dumping database from cURL API