Collaborate Disseminate
Application login request is shown below.
The postgres information is passed via the cabinetName parameter. Is it a vulnerability? is it useful? can we exploit it?
or any other ways to exploit below request?
POST /<REDACTED>/LoginSer… Continue reading postgres database information passing in request can we exploit further? [closed]
What are the practical differences between them? i.e. a parameter referred to as being "dynamic" and "not dynamic"?
Continue reading What’s the difference between dynamic and static parameters in Sqlmap?
I have a target website, which parameter is not a regular parameter, which looks like:
POST /some_url
‘info={"actual_parameter1": "abc", "actual_parameter2": "def"}’
info is not the actual_paramete… Continue reading How to use sqlmap when the injectable parameter is not a regular parameter?
While I was pentesting, I came across a blind sql injection in a website that uses IIS. I tried this payload " AND 11=11 AND (‘Hlua’=’Hlua" and it works and it gives success page then i tried " AND 11=12 AND (‘Hlua’=’Hlua&qu… Continue reading sql injection in Microsoft SQL Server 2017 problem retrieving db names
While I was pentesting, I came across a blind sql injection in a website that uses IIS. I tried this payload " AND 11=11 AND (‘Hlua’=’Hlua" and it works and it gives success page then i tried " AND 11=12 AND (‘Hlua’=’Hlua&qu… Continue reading sql injection in Microsoft SQL Server 2017 problem retrieving db names
I have a URL, which looks like:
POST /v1/api/user/resetUserPassword
this API only accepts 1 parameter: email
and the response looks like:
200 when parameter is valid, and everything is OK in backend, e.g. email=iamgood@example.com, ret… Continue reading Is it possible to sqli a url, which throw blank body and 400 code when SQL error? [closed]
Oxeye discovered a new vulnerability (CVE-2023-0620) in the HashiCorp Vault Project, an identity-based secrets and encryption management system that controls access to API encryption keys, passwords, and certificates. The vulnerability was an SQL injec… Continue reading HashiCorp Vault vulnerability could lead to RCE, patch today! (CVE-2023-0620)
I am woking on a CTF game at my school.
I have an invented a scenario where the first step is basic SQL injection to a WordPress widget I created. When it starts, it creates a "menu" table in the database with the rows "id&… Continue reading Creating a WordPress SQL injection vulnerability [migrated]
See bellow php code that takes a url param, queries a db and then returns a string:
$inpt = ereg_replace("[^A-Za-z0-9" . ” . "]", "", $_GET[‘param’]);
$rtrn = $core_db->Execute("Select col1, col2, … Continue reading This is supposed to be vulnerable to SQL injection but I can’t really see how. Is it really that bad?
I am going through some basic security training involving exploiting an SQL injection in a test service. I am trying to get sqlmap to dump the DB contents. I found a vulnerable endpoint, I can manually construct a request that retrieves in… Continue reading sqlmap UNION query based injection, fix certain column values