SQL Injection – Page 5 – WindowsTechs.com

SQL Lite Injection via CSS URL

Posted on November 7, 2023 by Stephen Knott

We had a "pentest" done on our website – and received the following alert (xyz.com is a placeholder for the real name.
I queried this with the testers, and they say their automated tools found this… so they can’t help till we f… Continue reading SQL Lite Injection via CSS URL→

Hackaday Links: October 22, 2023

Posted on October 22, 2023 by Dan Maloney

The second of three major solar eclipses in a mere six-year period swept across the United States last week. We managed to catch the first one back in 2017, and …read more Continue reading Hackaday Links: October 22, 2023→

Is there a possible attack on a MySQL database using an input window [closed]

Posted on October 18, 2023 by VicTheWise

My app has an input field that is used as a source for a HTML and PDF file.
I also store this input in my database.
My question is: Is it possible to somehow write something in the text field which would then give data away or even possibl… Continue reading Is there a possible attack on a MySQL database using an input window [closed]→

Is sql injection possible here ? or I can consider this as safe? [closed]

Posted on September 27, 2023 by Abhinav

This is my code in phpm I was wondering if there is a way to bypass sql protection, because everything is already blocked.
Is this secure?
$max = 10;

if (isset($_GET[‘max’]) && !is_array($_GET[‘max’]) && $_GET[‘max’]>0)… Continue reading Is sql injection possible here ? or I can consider this as safe? [closed]→

How to ignore asterisk characters in sqlmap?

Posted on September 25, 2023 by Andres R

I’ve come across a webpage that uses Iron cookies. These cookies have the exemplary format: Fe26.2**0cdd607945dd1dffb7da0b0bf5f1a7daa6218cbae14cac51dcbd91fb077aeb5b*aOZLCKLhCt0D5IU1qLTtYw*g0ilNDlQ3TsdFUqJCqAm9iL7Wa60H7eYcHL_5oP136TOJREkS3B… Continue reading How to ignore asterisk characters in sqlmap?→

What’s an example of a good uninjection in Node.js? (mySQL)

Posted on September 24, 2023 by Parking Master

I’m hosting a simple MariaDB/mySQL server on my Raspberry Pi. I would like to know whether or not this code is secure enough to reject an injection attempt made by login/signup, etc.
function secureUnInject() {
const str = String(argumen… Continue reading What’s an example of a good uninjection in Node.js? (mySQL)→

MySQLi On 3 Separate Queries At Once

Posted on September 12, 2023 by Anili

I’m trying to check whether or not an injectable parameter I found is actually exploitable in a bug bounty contest my college is holding. The code base is open source so I have access to the exact SQL queries being used.
The issue is this … Continue reading MySQLi On 3 Separate Queries At Once→

What is the role of the character x in this sql injection?

Posted on August 27, 2023 by The-Jeune

admin’xor(if(now()=sysdate(),sleep(5),0)xor’z
I tried this payload on my local database and removed the x like this admin’or(if(now()=sysdate(),sleep(5),0)or’z’ and it works fine
Why do we added the x? Is it to bypass some defense mechanis… Continue reading What is the role of the character x in this sql injection?→

Dumping database from cURL API

Posted on August 26, 2023 by Kafası Güzel Penguen

Hello there is a API that I have but I need that file’s database can you help me?
Here is how the API works.
$apiUrl = "http://example.com/index.php?id=" . $id;
$curl = curl_init($apiUrl); curl_setopt($curl, CURLOPT_RETURNTRANSFE… Continue reading Dumping database from cURL API→

Is ‘T’ the same than CAST(X’54’ as Text) in SQL? (SQLITE)

Posted on July 29, 2023 by ilich262

I am doing the room SQL Injection Lab and I dont understand something about task 6: Vulnerable Startup: Broken Authentication 3 (Blind Injection). The room says that ‘T’ will be changed to ‘t’ by the application. So, we need to change ‘T’… Continue reading Is ‘T’ the same than CAST(X’54’ as Text) in SQL? (SQLITE)→