SQL Injection Bypassing HandBook
Table of contents
Chapter I:::
- SQL Injection: What is it?
- SQL Injection: An In-depth Explanation
- Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any other security mechanism?
- Is my database at risk to SQL Injection?
- What is the impact of SQL Injection?
- Example of a SQLInjection Attack
WebApplication Firewalls::
- Detecting A WAF
- Prompt Message
- Dotdefender
- Observing HTTP Response
Chapter II
Advanced evasion techniques for defeating SQL injection Input validation mechanisms
Web applications are becoming more and more technically complex. Web applications, their
- Whitespace
- Null Bytes
- SQL Comments
- URL Encoding
- Changing Cases
- Encode to Hex Forbidden
- Replacing keywords technique
- WAF Bypassing – using characters
- HTTP Parameter Pollution (HPP)
- CRLF WAF Bypass technique
- Buffer Overflow bypassing
Chapter III
Let’s see the matter in an orderly fashion from the beginning
- See If Site vulnerability Or Not
- Get Column Number
- Bypassing union select
- Get Version
- Group & Concat
- Bypass with Information_schema.tables
- Requested Baypassing
Chapter IIII
Other issues related to the subject
- Null Parameter
- FIND VULNERABLE COLUMNS
- Count(*)
- unhex()
- Get database
