Archive of Attack detect Error Find Fuzzing Injection Strings Test
SQL injection attacks.
SQL Injection Detection
Posted in SQL Injection Test
Detect potential SQL injection vulnerabilities. The first step towards achieving a successful SQL injection attack is to detect vulnerabilities. Of course, some tools can automate the process, but it’s better to understand how detection can be done manually. In addition, there are some situations where...
SQL Injection and String Parameters
Posted in SQL Injection Basics
How to perform SQL injection in text fields. The only difference between numeric parameters and string parameters is that the latter are enclosed between quotes. From an attacker's perspective it simply means that the injected SQL segment must be crafted in...
SQL Injection Attacks and Numeric Parameters
Posted in SQL Injection Basics
Understanding numeric SQL injection. Attacks against numeric parameters are the simplest way to achieve a SQL injection. This kind of vulnerability is also widespread, since developers often consider numeric parameters safe when in most cases they are not. Let's now see...
Sqlmap Overview
Posted in Sqlmap
A quick presentation of sqlmap, a popular SQL injection tool. Sqlmap is an open source SQL injection tool that automates the process of testing and exploiting SQL injection vulnerabilities. Because the tool is developed in Python, you can use it on any operating system as long as you have a Python...
Stored Procedure Attacks
Posted in Procedures
Understand SQL injection attacks against stored procedures and functions. It is often believed that stored procedures are not vulnerable to SQL injection attacks, but the reality is totally different. In fact, stored procedures and PL/SQL can be vulnerable to SQLIA. This article covers the different situations...
PL/SQL Attacks
Posted in PL/SQL
Understand SQL injection attacks against PL/SQL. PL/SQL, like stored procedures, can be vulnerable to SQL injection attacks. When PL/SQL code integrates user input into a query and executes it, we encounter exactly the same problem we have when we build a classic dynamic query. In...
SQL Injection Risks
Posted in SQL Injection Introduction
Security impact of SQL injection and risks associated with vulnerable systems. Understanding the risks of SQL injection should not be neglected by anyone who might be concerned by this security issue. Whether you are a business decision maker, a developer or a system administrator, you need to be aware of the possible...
What is SQL Injection
Posted in SQL Injection Introduction
Definition, basic principles and categories of SQL injection. SQL injection (SQLI) is a technique that allows a user to inject SQL commands into the database engine from a vulnerable application. By leveraging the syntax and capabilities of SQL, the attacker can influence the query passed to the back-end...