Archive of Blind Comment diff Page Source Response Status Code Test wget
Test for SQL injection.
-
Analysing Server Response and Page Source
Posted in AnomaliesSubtle impacts of SQL injection attacks on response. It is not always easy to tell if an inbound SQL injection test is positive or negative. Sometimes, a slight difference in the server response can indicate the attacker is on the right way. By carefully analysing the source code...
Continue reading this entry → -
SQL Injection Inference Attacks
Posted in SQL Injection TechniquesUnderstanding the fundamentals inference attacks. Inference technique is the pillar of blind SQL injection and it is used in many advanced attacks. It allows testing for vulnerabilities and even extract information when no data is returned to the end user. Moreover, mastering its fundamentals will...
Continue reading this entry → -
Extracting Information from Custom Errors
Posted in AnomaliesUnderstanding information provided by application errors. Software developers often use error handling and validation mechanisms to prevent the application from crashing when an unexpected event occurs. In those situations custom errors are habitually returned to the user to indicate that something wrong happened (without providing full...
Continue reading this entry → -
Detecting SQL Injection Vulnerabilities from HTTP Errors
Posted in AnomaliesUnderstanding HTTP errors generated by SQL injection attacks. While testing for SQL injection vulnerabilities or attempting to take over a query, the attacker may face different HTTP status codes. Those responses may indicate that the SQL injection partially worked and therefore give precious hints to the tester. This...
Continue reading this entry → -
SQL Injection and Database Errors
Posted in AnomaliesUnderstand and identify database errors. Information leaked by errors, especially database errors, can help an attacker to achieve a successful SQL injection attack. They basically give hints to help crafting an SQL segment that will be correcly integrated in the query. It can also reveal...
Continue reading this entry → -
SQL Injection Detection
Posted in SQL Injection TestDetect potential SQL injection vulnerabilities. The first step towards achieving a successful SQL injection attack is to detect vulnerabilities. Of course, some tools can automate the process, but it’s better to understand how detection can be done manually. In addition, there are some situations where...
Continue reading this entry → -
Simulation Environment
Posted in SQL Injection ResourcesDownload a testing environment to practice SQL injection attacks. In order to master principles explained on this website, it is essential to apply them in a real world situation. Because trying SQL injection attacks on a system you do not own is illegal and might get you in a...
Continue reading this entry →