sql injection

CVE-2023-35036: Critical SQL Injection Vulnerability in MOVEit Transfer

• Vulnerability

CVE-2023-35036: Critical SQL Injection Vulnerability in MOVEit Transfer

do son June 11, 2023

Recently, Progress Software’s MOVEit Transfer application has been spotlighted due to newly uncovered SQL injection vulnerabilities, threatening...

Read More Read more about CVE-2023-35036: Critical SQL Injection Vulnerability in MOVEit Transfer

SQL injection: 9 ways to bypass Web Application Firewall

• Web Exploitation
• WebApp PenTest

SQL injection: 9 ways to bypass Web Application Firewall

do son June 19, 2019

A web application firewall (or WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from...

Read More Read more about SQL injection: 9 ways to bypass Web Application Firewall

[SQL injection] Some technique to bypass WAF

• Web Exploitation

[SQL injection] Some technique to bypass WAF

do son June 18, 2019

This article is a summary of the WAF around the various methods, we can use the following...

Read More Read more about [SQL injection] Some technique to bypass WAF

NAXSI v1.3 releases: open-source, high performance, low rules maintenance WAF for NGINX

• Defense

NAXSI v1.3 releases: open-source, high performance, low rules maintenance WAF for NGINX

do son April 16, 2019

What is Naxsi? NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a...

Read More Read more about NAXSI v1.3 releases: open-source, high performance, low rules maintenance WAF for NGINX

hasherbasher: SQL injection via bruteforced MD5 hash reflection of random strings

• Web Exploitation

hasherbasher: SQL injection via bruteforced MD5 hash reflection of random strings

do son February 11, 2019

hasherbasher This is a tool used to help exploit poorly designed authentication systems by locating ASCII strings...

Read More Read more about hasherbasher: SQL injection via bruteforced MD5 hash reflection of random strings

safesql: tatic analysis tool for Go that protects against SQL injections

• Programming
• Web Vulnerability Analysis

safesql: tatic analysis tool for Go that protects against SQL injections

do son March 22, 2018

SafeSQL is a static analysis tool for Go that protects against SQL injections. How does it work?...

Read More Read more about safesql: tatic analysis tool for Go that protects against SQL injections

sqli-hunter v1.2.2 releases: simple sqlmap api wrapper and proxy server

• Web Exploitation

sqli-hunter v1.2.2 releases: simple sqlmap api wrapper and proxy server

do son January 13, 2018

SQLi-Hunter SQLi-Hunter is a simple HTTP proxy server and a sqlmap api wrapper that makes dig SQLi...

Read More Read more about sqli-hunter v1.2.2 releases: simple sqlmap api wrapper and proxy server