SQLmap POST request injection
SQLmap POST request injection Sometimes SQL injection attacks are only successful with HTTP post methods. In this post, I am going to demonstrate the easiest way is to deploy a simple sqlmap command. Step...
Tagged: sql injection
jSQL Injection v0.85 releases: Java application for automatic SQL database injection
jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is also part of the official penetration...
SQL injection: 9 ways to bypass Web Application Firewall
A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular...
NAXSI v1.3 releases: open-source, high performance, low rules maintenance WAF for NGINX
What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing...
sqli-hunter v1.2.2 releases: simple sqlmap api wrapper and proxy server
SQLi-Hunter SQLi-Hunter is a simple HTTP proxy server and a sqlmap api wrapper that makes dig SQLi easily. Installation Requirement Ruby: > 2.0.0 sqlmap Install via source code git clone https://github.com/sqlmapproject/sqlmap.git git clone https://github.com/zt2/sqli-hunter.git...
SQL injection: Understanding mysql command
SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify...
[SQL injection] Some technique to bypass WAF
This article is a summary of the WAF around the various methods, we can use the following methods in the test WAF bypass, I hope to help everyone. URL encode original payload: ?id=1 union...
hasherbasher: SQL injection via bruteforced MD5 hash reflection of random strings
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic. How It Works When...
sqliv: massive SQL injection vulnerability scanner
SQLiv Massive SQL injection vulnerability scanner Features multiple domain scanning with SQL injection dork targetted scanning by providing specific domain (with crawling) reverse domain scanning both SQLi scanning and domain info checking are done...
Vulny-Code-Static-Analysis: detect vulnerabilities into a PHP source code
PHP_Code_Static_Analysis A basic script to detect vulnerabilities into a PHP source code Currently detecting : SQL injection Local File Inclusion Insecure emails Cross Site Scripting Remote Commands Execution LDAP injection XPATH injection Header injection...
