An SQL injection is an attack in which malicious input is embedded in a poorly designed application and then passed on to the backend database. The malicious data then produces database query results or actions that should never have been executed. Below are links to SQL Injection Cheat Sheets and Tools to play with in your virtual […]
Category: SQL Injection
SQL Injection Links and Cheat Sheets
Oracle Injection: http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/
MySQL Injection: http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://attack.samsclass.info/sqlol-raw/search-raw.htm
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/
Tools used to test for SQL Injection
Reference: OWASP Testing for SQL Injection
OWASP SQLiX
Sqlninja: a SQL Server Injection & Takeover Tool – http://sqlninja.sourceforge.net
Bernardo Damele A. G.: sqlmap, automatic SQL injection tool – http://sqlmap.org/
Absinthe 1.1 (formerly SQLSqueal) – http://sourceforge.net/projects/absinthe/
SQLInjector – Uses inference techniques to extract data and determine the backend database server. http://www.databasesecurity.com/sql-injector.htm
Bsqlbf-v2: A perl script allows […]
What is Blind SQL Injection?
Blind SQL Injection is a type of SQL Injection attack in which an attacker sends queries whose outcome the server reveals only as true or false, and uses those answers to gather information from the database.
SQL Injection
Use the following code examples to inject: ' or '1'='1 The following steps show how a hacker can bypass Web Application Security by performing an SQL injection attack against a web site that connects to an SQL Server. This example is for an older SQL Server product, as Microsoft has disabled some of […]