/
web app pentesting
/
sql injection
Menu
SQL Injection
What is SQL injection (SQLi)?
How to detect SQL injection vulnerabilities
Weird behavior
SQL injection in different parts of the query
Retrieving hidden data
Subverting application logic
SQL injection UNION attacks
Determining the number of columns required
Database-specific syntax
Finding columns with a useful data type
Using a SQL injection UNION attack to retrieve interesting data
Retrieving multiple values within a single column
Union SQLi Main Ideas Handwritten
Examining the database in SQL injection attacks
Listing the contents of the database
SQL injection in different contexts
Bug Bounty
Blind SQL injection
Exploiting blind SQL injection by triggering conditional responses
Blind SQLi main ideas handwritten
Error-based SQL injection
Exploiting blind SQL injection by triggering conditional
errors
Extracting sensitive data via verbose SQL error messages
Exploiting blind SQL injection by triggering time delays
Exploiting blind SQL injection using out-of-band (OAST) techniques
Exploiting blind SQL injection using out-of-band (OAST) techniques - Continued
Second-order SQL injection
How to prevent SQL injection
Blind SQLi Main Commands
Logical Operators
THM
