
Questions tagged [sql-injection]

SQL injection is a technique used to take advantage of vulnerabilities arising from non-validated input on web applications to pass SQL commands through for execution on a backend database.

0 votes
0 answers
38 views

Understanding Search Behavior on a Website [URL Encoding and Query Handling] [closed]

I’m currently testing the search feature on a website, and I’ve encountered an interesting behavior. The site displays the search query in the page itself, even if it’s an XSS payload (although it ...
Rudra Das

1 vote
0 answers
82 views

MySQL Injection with an incomplete database [closed]

I have a database in which most or maybe even all columns are empty. Yet I have to gain access to the database via a user called Tom. I found out that the table is called users and the query the ...
NightOwlOnCoffee

0 votes
1 answer
52 views

How to bypass htmlentities($_POST['username'],ENT_QUOTES) SQL injection

What is the sample payload to bypass this protection for SQL injection in PHP code? . . . htmlentities($_POST['username'],ENT_QUOTES) . . . $myquery = mysql_query(sprintf("SELECT * FROM `users` ...
fed • 61

1 vote
1 answer
87 views

Could post-execution filtering help stop SQLi data theft?

A few days ago, I thought of an idea that I haven’t heard of being implemented into SQL databases (not that I know a lot about the topic)- and I want your opinions on whether it is any good- and ...
security_paranoid

0 votes
3 answers
118 views

Is Homomorphic SQL Query Encryption a good idea - and should I use It?

My web app still needs a lot of work on it in the security department, so I'm considering implementing homomorphic encryption for my SQL database- to help protect from the outcomes of SQLi. I know the ...
security_paranoid

1 vote
0 answers
82 views

Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?

I recently found a boolean-based blind SQLi and since I'm new to the bug bounty scene - I don't understand what impact I can extract from it. There is a website like example.com/tarif?tableId=136&...
Andrey • 11

2 votes
1 answer
108 views

sqlmap will not save half dumped data in CSV File?

Is there any way to save half-dumped output in a CSV file or in table format in sqlmap? Look at the image below for better understanding. The target is boolean-based blind injection vulnerable. For sure, this ...
Solo • 41

0 votes
0 answers
102 views

Accidentally used --flush-session --batch in sqlmap tool. Need help!

I was working on a target where sqlmap detected boolean based time blind injection. Everything was working perfectly but you know it was time blind injection so I knew that this is going to take forever ...
Solo • 41

2 votes
1 answer
93 views

sqlmap cannot detect a confirmed vulnerability

I have a verified injection which looks like: /page/(SELECT+SLEEP(10)) But sqlmap cannot detect it no matter what. This is how I'm running sqlmap: sqlmap -u 'http://MY-SITE/page/*' --level=5 --risk=3 -...
Sohail Saha

0 votes
0 answers
87 views

Problem bypassing a PHP WAF for SQLi

I am working to bypass this WAF, but I have some problems. $args_arr=array( 'sql'=>"[^\\{\\s]{1}(\\s|\\b)+(?:select\\b|update\\b|insert(?:(\\/\\*.*?\\*\\/)|(\\s)|(\\+))+into\\b).+?...
Dinnerboard

1 vote
1 answer
111 views

xp_cmdshell as dbo user only able to run 'ping localhost' to verify RCE?

I am doing a pentest on a client's ASP web application and I have identified a blind SQL injection. However, after enabling xp_cmdshell, I am only able to run the ping localhost command to verify the ...
dawn breaker

0 votes
0 answers
62 views

Getting around a WAF's restrictions for SQLi

I have this payload: AND SELECT SUBSTR(table_name,1,1) FROM information_schema.tables > 'A' but a WAF restricts table_name and information_schema keywords and gives a not acceptable message. Is ...
ben39 • 1

1 vote
2 answers
217 views

SQL injection using “True” or “Null”

In a discussion about SQL injections, a claim was made that the actress Rachel True has computer problems due to her last name, including not being able to get an iCloud account, and not being able to ...
gnasher729 • 2,489

0 votes
0 answers
78 views

T-SQL, string injection, REPLACE(@myVariable, '''', '''''') approach? Once and for all

I see there are forums about this question, but everywhere, I fail to see the answer I am looking for. I have a stored procedure whose purpose is to execute a dynamic SQL statement. It uses a cursor ...
Xanadu • 1

1 vote
1 answer
533 views

SQL Lite Injection via CSS URL

We had a "pentest" done on our website - and received the following alert (xyz.com is a placeholder for the real name. I queried this with the testers, and they say their automated tools ...
Stephen Knott
