From d5f85f13d550511d10fe93bd1b35188cd4aa1ea2 Mon Sep 17 00:00:00 2001 From: KeoOp <94304289+NaxnN@users.noreply.github.com> Date: Sun, 16 Jul 2023 23:44:00 +0800 Subject: [PATCH 1/2] Update SQLite Injection.md add "group_concat" so that all tables can be extracted once when the query only returns the first item --- SQL Injection/SQLite Injection.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SQL Injection/SQLite Injection.md b/SQL Injection/SQLite Injection.md index 8e02d7f..beb0443 100644 --- a/SQL Injection/SQLite Injection.md +++ b/SQL Injection/SQLite Injection.md @@ -37,11 +37,9 @@ SELECT sql FROM sqlite_schema ## Integer/String based - Extract table name ```sql -SELECT tbl_name FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' +SELECT group_concat(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' ``` -Use limit X+1 offset X, to extract all tables. - ## Integer/String based - Extract column name ```sql From 6d12abb4ecb57445bb8786bdaea708066da215d5 Mon Sep 17 00:00:00 2001 From: preemptible <138821092+preemptible@users.noreply.github.com> Date: Tue, 18 Jul 2023 11:16:36 +0300 Subject: [PATCH 2/2] Update BOOKS.md I added 'black hat Rust', a great book in my humble opinion. --- _LEARNING_AND_SOCIALS/BOOKS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/_LEARNING_AND_SOCIALS/BOOKS.md b/_LEARNING_AND_SOCIALS/BOOKS.md index f055810..af6a465 100644 --- a/_LEARNING_AND_SOCIALS/BOOKS.md +++ b/_LEARNING_AND_SOCIALS/BOOKS.md 
@@ -8,6 +8,7 @@ - [Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation by James Forshaw (2018)](https://nostarch.com/networkprotocols) - [Black Hat Go: Go Programming for Hackers and Pentesters by Tom Steele, Chris Patten, and Dan Kottmann (2020)](https://nostarch.com/blackhatgo) - [Black Hat Python: Python Programming for Hackers and Pentesters by Justin Seitz (2014)](https://www.goodreads.com/book/show/22299369-black-hat-python) +- [Black Hat Rust: Applied offensive security with the Rust programming language by Sylvain Kerkour](https://kerkour.com/black-hat-rust) - [Breaking into Information Security: Learning the Ropes 101 - Andrew Gill](https://leanpub.com/ltr101-breaking-into-infosec) - [Car Hacker's Handbook by Craig Smith (2016)](https://www.nostarch.com/carhacking) - [Cyberjutsu: Cybersecurity for the Modern Ninja by Ben McCarty (2021)](https://nostarch.com/cyberjutsu)
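Review bot: In PATCH 1/2, the hunk at `@@ -37,11 +37,9 @@` of `SQL Injection/SQLite Injection.md` replaces the existing `SELECT tbl_name FROM sqlite_master ...` entry and deletes the note "Use limit X+1 offset X, to extract all tables.", although the commit message says it only adds `group_concat`. Keep the original query and its limit/offset note, and add the `group_concat(tbl_name)` form as a second entry under the same heading. Give it one sentence stating when it applies, which per the commit message is when the query only returns the first item. That way the section documents both forms and the diffstat becomes additions only.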
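Review bot: In PATCH 2/2, the added "Black Hat Rust" line in `_LEARNING_AND_SOCIALS/BOOKS.md` has no publication year, while the entries directly above it end with one, for example "(2020)" and "(2014)". Add the year in the same "(YYYY)" form before the closing bracket of the link text. The subtitle is also in sentence case ("Applied offensive security with the Rust programming language") where the adjacent entries use title case, so consider matching that. The alphabetical position between "Black Hat Python" and "Breaking into Information Security" is correct.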