mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 18:36:10 +00:00
SQLmap reduce requests
parent
6ee918b060
commit
0f621e67d1
@ -62,6 +62,7 @@ Prompt injections can be used in various applications of NLP models.
|
||||
|
||||
For instance, if you're using a language model to generate a story and you want the story to be about a dragon, you might inject a prompt like "Once upon a time, there was a dragon..." This prompt guides the model to generate a story that includes a dragon.
|
||||
|
||||
|
||||
### Potential Misuse
|
||||
|
||||
In the context of security, "prompt injection" could refer to a type of attack where an attacker manipulates the input to a system (the "prompt") in order to cause the system to behave in a way that benefits the attacker. This could involve, for example, injecting malicious code or commands into user input fields on a website.
|
||||
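Review bot: Unrelated to the commit subject: the line added around "### Potential Misuse" (the header grows the range from 6 to 7 lines) sits in the prompt-injection page, while the commit is titled "SQLmap reduce requests". Move it to its own commit, or mention the prompt-injection edits in the commit message, so the history of each page stays searchable.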
@ -122,3 +123,4 @@ Indirect Prompt Injection use the memory features of an LLM.
|
||||
- [Brex's Prompt Engineering Guide](https://github.com/brexhq/prompt-engineering)
|
||||
- [Demystifying RCE Vulnerabilities in LLM-Integrated Apps - Tong Liu, Zizhuang Deng, Guozhu Meng, Yuekang Li, Kai Chen](https://browse.arxiv.org/pdf/2309.02926.pdf)
|
||||
- [ChatGPT: Hacking Memories with Prompt Injection - wunderwuzzi - May 22, 2024](https://embracethered.com/blog/posts/2024/chatgpt-hacking-memories/)
|
||||
- [LLM Hacker's Handbook - Forces Unseen](https://doublespeak.chat/#/handbook)
|
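Review bot: The reference entries in this hunk are inconsistent: the arXiv entry links directly to a PDF on browse.arxiv.org, and the Brex and "LLM Hacker's Handbook" entries carry no date, unlike the neighbouring "wunderwuzzi - May 22, 2024" entry. Link the abstract page for 2309.02926 instead of the PDF and give every entry an author and date in the same form, so a dead link can still be traced. As with the previous hunk, this belongs in a commit about the prompt-injection page rather than one about SQLmap.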
@ -33,6 +33,7 @@ Attempting to manipulate SQL queries may have goals including:
|
||||
* [Using Chrome cookie and a Proxy](#using-chrome-cookie-and-a-proxy)
|
||||
* [Using suffix to tamper the injection](#using-suffix-to-tamper-the-injection)
|
||||
* [General tamper option and tamper's list](#general-tamper-option-and-tampers-list)
|
||||
* [Reduce Requests Number](#reduce-requests-number)
|
||||
* [SQLmap without SQL injection](#sqlmap-without-sql-injection)
|
||||
* [Authentication bypass](#authentication-bypass)
|
||||
* [Authentication Bypass (Raw MD5 SHA1)](#authentication-bypass-raw-md5-sha1)
|
||||
@ -290,6 +291,16 @@ tamper=name_of_the_tamper
|
||||
|versionedmorekeywords.py | Encloses each keyword with versioned MySQL comment |
|
||||
|xforwardedfor.py | Append a fake HTTP header 'X-Forwarded-For' |
|
||||
|
||||
|
||||
### Reduce Requests Number
|
||||
|
||||
`--test-filter` is helpful when you want to focus on specific types of SQL injection techniques or payloads. Instead of testing the full range of payloads that SQLMap has, you can limit it to those that match a certain pattern, making the process more efficient, especially on large or slow web applications.
|
||||
|
||||
```ps1
|
||||
sqlmap -u "https://lab_host/filter?category=demo" -p category --test-filter="Generic UNION query (NULL)"
|
||||
```
|
||||
|
||||
|
||||
### SQLmap without SQL injection
|
||||
|
||||
You can use SQLmap to access a database via its port instead of a URL.
|
||||
|
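Review bot: Missing documentation in the paragraph under "### Reduce Requests Number": it says `--test-filter` keeps the payloads that "match a certain pattern" but never says what the pattern is compared with, while the example passes "Generic UNION query (NULL)", which reads like a test title. State what the value is matched against and whether it is a plain substring or a regular expression, since the example contains parentheses. The heading also promises a general topic while the section documents a single option; either narrow the heading or list the other request-reducing options. Spell the tool "SQLmap" as in the neighbouring heading "### SQLmap without SQL injection" rather than "SQLMap".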