[SQL injection] Some technique to bypass WAF
This article is a summary of various methods for getting around a WAF. We can use the following methods when testing WAF bypass; I hope it helps everyone. URL encode...
What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset...
hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings that when MD5 hashed, result in raw bytes that could change SQL logic....
SafeSQL is a static analysis tool for Go that protects against SQL injections. How does it work? SafeSQL uses the static analysis utilities in go/tools to search for all call sites of...
SQLi-Hunter SQLi-Hunter is a simple HTTP proxy server and a sqlmap API wrapper that makes digging for SQLi easy. Installation Requirement Ruby: > 2.0.0 sqlmap Install via source code git clone...
Web Exploitation / WebApp PenTest
by do son · Published September 1, 2017 · Last modified November 4, 2024
A SQL injection attack consists of the insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 27, 2017 · Last modified November 4, 2024
SQLiv Massive SQL injection vulnerability scanner Features multiple domain scanning with SQL injection dork targeted scanning by providing specific domain (with crawling) reverse domain scanning both SQLi scanning and domain...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified November 4, 2024
Damn Web Scanner Another web vulnerabilities scanner, this extension works on Chrome and Opera. The extension is working in the background and will notify you if it finds any vulnerability...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published August 7, 2017 · Last modified November 4, 2024
PHP_Code_Static_Analysis A basic script to detect vulnerabilities in PHP source code Currently detecting : SQL injection Local File Inclusion Insecure emails Cross Site Scripting Remote Commands Execution LDAP injection...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 31, 2017 · Last modified November 4, 2024
WebVulScan Synopsis WebVulScan is a web application vulnerability scanner. It is a web application itself written in PHP and can be used to test remote, or local, web applications for...
Web Exploitation / Web Vulnerability Analysis / WebApp PenTest
by do son · Published July 5, 2017 · Last modified November 4, 2024
sqlite-lab This code is vulnerable to SQL Injection and has a SQLite database. While practicing one challenge I faced a SQLi-vulnerable script with a SQLite database integrated with it. For SQLite database,...
jSQL Injection jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X). It is...
Web Exploitation / WebApp PenTest
by do son · Published June 29, 2017 · Last modified September 10, 2022
User Agent: sometimes abbreviated as UA, the user agent is a browser text string that is given to each website you visit; containing information such as the browser version, compatibility,...
Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 12, 2017 · Last modified November 4, 2024
viSQL Scan SQL vulnerability on target site and sites on the server. Installation Demo Source: Github
Web Information Gathering / Web Vulnerability Analysis / WebApp PenTest
by do son · Published June 12, 2017 · Last modified November 4, 2024
RED HAWK All in one tool for Information Gathering and Vulnerability Scanning Scans That You Can Perform Using RED HAWK : Basic Scan Site Title NEW IP Address Web Server Detection IMPROVED CMS Detection Cloudflare...