Archive of Notes

All articles related to advanced SQL injection attacks are grouped in this category. You will learn techniques that security professionals and hackers use to find flaws.

  • Minimal SELECT Structure

    Posted in Notes

    Simplifying SELECT statements. It is pretty hard to create a valid query when almost no information about the database or the query is known. This can also make testing pretty difficult. Fortunately, some database management systems support minimal query structures and it is...

  • Implicit Numeric Conversion in SQL

    Posted in Notes

    Numeric values between quotes. Some database management systems support SQL syntax where numeric values are enclosed between quotes. As far as I know, only MySQL and SQL Server support this particular syntax. Let’s start with a quick example. It is important to mention here that the...

  • Sqlmap Overview

    Posted in Sqlmap

    A quick presentation of sqlmap, a popular SQL injection tool. Sqlmap is an open source SQL injection tool that automates the process of testing and exploiting SQL injection vulnerabilities. Because the tool is developed in Python, you can use it on any operating system as long as you have a Python...

  • Sqlmap Tutorial

    Posted in Sqlmap

    Getting started with sqlmap. Using sqlmap can be tricky when you are not familiar with it. This sqlmap tutorial aims to present the most important functionalities of this popular SQL injection tool in a quick and simple way. Before using sqlmap you must first...

  • Stored Procedure Attacks

    Posted in Procedures

    Understand SQL injection attacks against stored procedures and functions. It is often believed that stored procedures are not vulnerable to SQL injection attacks, but the reality is totally different. In fact, stored procedures and PL/SQL can be vulnerable to SQLIA. This article covers the different situations...

  • PL/SQL Attacks

    Posted in PL/SQL

    Understand SQL injection attacks against PL/SQL. PL/SQL, like stored procedures, can be vulnerable to SQL injection attacks. When PL/SQL code integrates user input into a query and executes it, we encounter exactly the same problem we have when we build a classic dynamic query. In...

  • mysql_real_escape_string SQL injection

    Posted in PHP

    Understanding how to safely use the mysql_real_escape_string function. PHP provides mysql_real_escape_string() to escape special characters in a string before sending a query to MySQL. This function was adopted by many to escape single quotes in strings and at the same time prevent SQL injection attacks. However, it can create...

  • About

    Sqlinjection.net was developed to provide information about SQL injection to students, IT professionals and computer security enthusiasts. It intends to be a reference about this security flaw.

Copyright 2020 SQLINJECTION.NET - All rights reserved.