Questions tagged [sql-injection]
SQL injection is a technique used to take advantage of vulnerabilities arising from non-validated input on web applications to pass SQL commands through for execution on a backend database.
939 questions
1 vote, 0 answers, 26 views
Using database_to_xml in SQL Injection on PostgreSQL doesn't show data
We have found SQL injection on a PostgreSQL database. Stacked and UNION payloads. We have created a table to store data as needed and the UNION to extract either from the table or to pull out data ...
3 votes, 1 answer, 3k views
Is this database exploitable?
I'm starting out as a bug bounty hunter and found a website that might have a problem, yet I'm unsure if it's exploitable or not.
When sending any payload that contains % I get an error:
Invalid query ...
0 votes, 0 answers, 120 views
"Blind SQL Injection (Time-Based)" vulnerability in ASP.NET web application
I am working on an ASP.NET web application, and a recent security scan (conducted using SecurityMetrics) flagged a vulnerability related to Blind SQL Injection (Time-Based). Here are the details of ...
3 votes, 6 answers, 5k views
Is SQL Injection possible if we're using only the IN keyword (no equals = operator) and we handle the single quote
Our application has a filtering capability, where the database query is built dynamically as per the user-entered filter values. Prepared Statements are not an option for us.
All the filters are text ...
1 vote, 0 answers, 280 views
Potato exploits don't spawn reverse shell
What could be the reason for potato exploits not being able to spawn a reverse shell?
OS: Microsoft Windows Server 2022 Standard
Build: 20348
Exploits tried: RoguePotato, SigmaPotato, GodPotato
What ...
1 vote, 1 answer, 112 views
Testing for Broken Object Level Authorization (BOLA) vulnerabilities
I’m a security-conscious developer looking to improve the security of my web application. I’ve been researching Broken Object Level Authorization (BOLA) vulnerabilities and want to ensure that my ...
0 votes, 0 answers, 357 views
MariaDB SQL Injection
I'm doing a website PT lab and I'm trying to figure out SQL vulnerability in MariaDB.
After some scanning I found the /api/ path, and one of them gives the desired SQL
I found out that ' gives me the ...
5 votes, 2 answers, 2k views
Addressing Potential JavaScript Injection Vulnerabilities
I am working on a project involving an input form where customers enter their name and email to start a conversation with support. The form works well, but I've noticed some issues with the 'Name' ...
2 votes, 1 answer, 297 views
MySQL error when SQL injecting valid command
I have an internal API tool to clear database tables for testing; the code is unsafe and I want to write a small PoC. However, I have trouble successfully executing this basic SQL injection.
This ...
1 vote, 0 answers, 108 views
MySQL Injection with an incomplete database [closed]
I have a database in which most or maybe even all columns are empty. Yet I have to gain access to the database via a user called Tom.
I found out that the table is called users and the query the ...
0 votes, 1 answer, 94 views
How to bypass htmlentities($_POST['username'],ENT_QUOTES) SQL injection
What is the sample payload to bypass this protection for SQL injection in PHP code?
.
.
.
htmlentities($_POST['username'],ENT_QUOTES)
.
.
.
$myquery = mysql_query(sprintf("SELECT * FROM `users` ...
1 vote, 1 answer, 98 views
Could post-execution filtering help stop SQLi data theft?
A few days ago, I thought of an idea that I haven’t heard of being implemented into SQL databases (not that I know a lot about the topic) - and I want your opinions on whether it is any good - and ...
0 votes, 3 answers, 233 views
Is Homomorphic SQL Query Encryption a good idea - and should I use it?
My web app still needs a lot of work on it in the security department, so I'm considering implementing homomorphic encryption for my SQL database - to help protect from the outcomes of SQLi.
I know the ...
1 vote, 0 answers, 273 views
Is it possible to exploit this supposedly boolean-based blind and time-based blind SQLi (sqlmap)?
I recently found a boolean-based blind SQLi and since I'm new to the bug bounty scene - I don't understand what impact I can extract from it.
There is a website like example.com/tarif?tableId=136&...
2 votes, 1 answer, 525 views
sqlmap will not save half dumped data in CSV File?
Is there any way to save half-dumped output in a CSV file or in table format in sqlmap?
Look at the image below for a better understanding. The target is vulnerable to boolean-based blind injection. For sure, this ...