Collaborate Disseminate
I am currently working on a bug bounty program and in one subdomain of my target there is a Blind SQL flaw in a cookie. The back-end is MSSQL/ASP.net however, since cookies are separated by semicolons ";" I can’t find a way to tr… Continue reading Blind MSSQL Injection – Stacked query in cookies
I have several Web APIs that are used by the UI, for these APIs I have several validations that prevent users from adding invalid data. On the other hand, I have some APIs that are not used by any UI, these APIs are called from another cod… Continue reading What are the security vulnerability of letting users insert anything to a nvarchar sql column?
I stumbled upon a case where several database entries were updated. And the update is rather unusual.
For example if I have an entry named:
Watermelon
The updated version is:
Watermelon<IMG SRC="/WF_SQL_XSRF.html">
The WF… Continue reading Weird entry in SQL Server database, is this a result of SQL Injection?
I have a SQL database and I have enabled the Always Encrypted feature. Can I claim that Data at Rest is fulfilled? or do I have to secure the backup files using certificates to claim that our database is secure with respect to Data at Rest… Continue reading SQL Column encryption can be part of Data at Rest?
I’m developing an application that will connect to Microsoft SQL Server in a local network:
I’m considering whether these connections need to use TLS
Or whether to leave it to the customer’s administrators to use an encrypted tunnel, if t… Continue reading SQL Server connections with TLS vs. through an encrypted tunnel?
I’m currently testing an application, which connects to a MS-SQL database. Through Wireshark, I can see that the application uses TDS to connect to the database. Furthermore, I can see that both the queries and results are UTF-16 encoded a… Continue reading How is TDS authentication data protected?
My question is prompted by the fact that WinHost.com has some really cheap shared hosting for SQL Server where you don’t need to manage your own Virtual Private Server. Unfortunately there is no firewall so you can access the server from a… Continue reading Security risks of using SQL Server without a firewall
I would like to know if I can use my SSL certificates that I use on my website (based on nodejs and express) for access to mysql database remotely, or if it is better to create new certificate.
My webserver has access to the database by lo… Continue reading Can I use my HTTP/SSL certificate for mysql?
I know the best way to prevent SQL-injection is parameterized queries. But this is not possible in the specific use case because the client has to be able to input SQL statements directly.
So what my client did was to use a blacklist, whic… Continue reading SQLinjection prevention: parser + blacklist?
Select Price(Example) from Products and then? I was wondering if I can use something like Price-7% update Price, or something along those lines…