SQL Injection Links, Cheat Sheets and Tools

An SQL injection is an attack in which malicious code is embedded in a poorly designed application and then passed to the backend database. The malicious data then produces database query results or actions that should never have been executed. Below are links to SQL Injection Cheat Sheets and Tools to play with in your virtual […]

SQL Injection Links and Cheat Sheets

Oracle Injection: http://www.sqlinjectionwiki.com/Categories/3/oracle-sql-injection-cheat-sheet/
MySQL Injection: http://www.sqlinjectionwiki.com/Categories/2/mysql-sql-injection-cheat-sheet/
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://attack.samsclass.info/sqlol-raw/search-raw.htm
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

Tools used to test for SQL Injection

Reference: OWASP Testing for SQL Injection
OWASP SQLiX
Sqlninja: a SQL Server Injection & Takeover Tool – http://sqlninja.sourceforge.net
Bernardo Damele A. G.: sqlmap, automatic SQL injection tool – http://sqlmap.org/
Absinthe 1.1 (formerly SQLSqueal) – http://sourceforge.net/projects/absinthe/
SQLInjector – Uses inference techniques to extract data and determine the backend database server. http://www.databasesecurity.com/sql-injector.htm
Bsqlbf-v2: A Perl script allows […]

SQL Injection

Use the following code examples to inject: ' or '1'='1

The following steps show how a hacker can bypass Web Application Security by performing an SQL injection attack into a web site that connects to an SQL Server. This example is for an older SQL Server product as Microsoft has disabled some of […]
