Commit Graph

135 Commits

Author SHA1 Message Date
Swissky
9932059563 YAML Deserialization 2024-11-17 20:48:10 +01:00
Swissky
b98f8ca587 DB2 Injection updates 2024-11-17 18:37:07 +01:00
Swissky
3c5bab0338 SQL - File Manipulation and Error Based Injection 2024-11-16 18:49:01 +01:00
Swissky
9a908a15d2 MSSQL, OracleSQL, PostgreSQL Substring Equivalent 2024-11-16 15:35:43 +01:00
Swissky
67af38aa4e SQL Injections - Updates for MSSQL, Oracle, PostgreSQL 2024-11-15 23:56:04 +01:00
Swissky
f57d0813ca SQL - MySQL Page Cleanup 2024-11-15 18:42:58 +01:00
Swissky
cde11da0c7 SQL Injection - Methodology 2024-11-15 14:48:58 +01:00
Swissky
f333d48960 Fix invalid spaces indents 2024-11-13 14:08:26 +01:00
Swissky
48a4e5c95b Normalize page header for SQLi, Upload, Cache Deception 2024-11-10 20:49:52 +01:00
Swissky
d80f73a829 Normalize page header for API, CSPT, CORS, CSRF 2024-11-09 23:01:39 +01:00
Swissky
b2bb1df9a9 References addded for SQLi, Upload, SSTI, Type Juggling 2024-11-07 20:54:16 +01:00
n3rada
a590290016
PostgreSQL privilege list update 2024-11-07 15:12:58 +01:00
Swissky
a5de8cf062 SQL injections references updates 2024-11-03 14:06:53 +01:00
Swissky
944fe0db7b SQLmap tips moved from SQL README to their own page 2024-11-02 22:47:30 +01:00
NoPurposeInLife
873ac0e727
Update MySQL Injection.md
Fixed row/data extraction from MySQL Error Based - Extractvalue Function
2024-10-31 11:25:34 +08:00
Swissky
0f621e67d1 SQLmap reduce requests 2024-10-28 17:59:33 +01:00
Swissky
d5a6811193 Fix typos 2024-09-16 18:05:54 +02:00
Mark
c3af630e1d
Update README.md 2024-05-26 10:40:54 -04:00
Mark
867f243100
Update README.md 2024-05-26 10:32:01 -04:00
mohnad banat
d834abe43c
Update SQLite Injection.md
Since sqlite version 3.33.0, sqlite_schema has been replaced by sqlite_master.
2024-04-01 20:46:09 +03:00
Swissky
dd2b68b70e PHP Deserialization + API keys table typo 2024-02-18 15:29:21 +01:00
Swissky
97cfeee270 Tools Update 2024-01-21 21:39:23 +01:00
Swissky
b07c5df892 CSS - Update style color + Blind SQL Oracle 2023-12-10 13:27:21 +01:00
Swissky
55edc9fc74 Fix MySQL duplicate cheatsheet 2023-10-01 12:45:12 +02:00
Swissky
d142587f28 Race Condition WIP + AD asreproast/kerberoasting 2023-10-01 12:42:20 +02:00
Swissky
59640ba51a MYSQL Wide byte injection (GBK) 2023-09-14 10:53:37 +02:00
Mane
811d71026f
Update MySQL Injection.md
fix typo
2023-09-13 08:33:03 -07:00
Mane
9574af9dd1
Update MySQL Injection.md
Add MYSQL Wide byte injection, it can test in Sqli-labs Less-32
2023-09-13 08:13:36 -07:00
Swissky
a0c14e5299 SQL injections - WAF bypass 2023-09-03 14:26:03 +02:00
Pak Cyberbot
d5922f421c
Update SQLite Injection.md
Column names of the specified table can be more easily extracted in a better output.
Tested during the CTF
2023-08-25 15:24:52 +05:00
KeoOp
d5f85f13d5
Update SQLite Injection.md
add "group_concat" so that all tables can be extracted once when the query only returns the first item
2023-07-16 23:44:00 +08:00
Swissky
5ddd8e04da MSSQL - Stacked Queries Delimiters 2023-06-25 00:02:54 +02:00
Swissky
6861c46fcd MySQL MSSQL Oracle SQL Update 2023-04-14 17:45:45 +02:00
somebodyoncetoldme
aa8950a273
Update PostgreSQL Injection.md
Switch "column_name" to "table_name".
2023-01-03 21:02:57 -08:00
Swissky
6dd5c18b45 Normalize Titles 2022-10-12 12:13:55 +02:00
Swissky
3f3736471e
Merge branch 'master' into patch-4 2022-10-11 11:26:28 +02:00
Deep Dhakate
a670a26eea Update 2022-10-02 06:13:01 +00:00
Swissky
c7dd67986c Oracle SQL 2022-09-13 22:04:21 +02:00
Dhmos Funk
aa89a909d1
Update PostgreSQL Injection.md 2022-09-10 15:56:31 +03:00
Swissky
7663594118
Update SQLite Injection.md 2022-09-07 14:02:38 +02:00
nerrorsec
418285b7f6
Boolean - Extract info (order by) 2022-08-13 10:07:54 +05:45
mr.The
f82efffbc7
Boolean error based* instead of just error based 2022-08-12 18:36:43 +03:00
mr.The
0d9a2354e5
Add error-based vector for the sqlite 2022-08-12 18:33:44 +03:00
its0x08
fc1f3b25a7 fix: Fix spelling 2022-08-09 11:02:21 +02:00
Jeyanthan
7ad7ae722d
Update OracleSQL Injection.md
missing 'T' in the SELECT in the  Oracle blind SQLI section
2022-07-20 13:34:27 +02:00
Swissky
28425b37a3 LFI to RCE via upload (FindFirstFile) 2022-06-19 22:48:46 +02:00
PinkDraconian
5cc8e698c9
Single quotes are messing with the command. 2022-05-15 13:53:50 +02:00
Alexandre ZANNI
c274874430
MSSQL: list permissions 2022-04-18 17:21:26 +02:00
Alexandre ZANNI
1f73834d5e
HQLi in Java apps - HITBSecConf2016 2022-04-14 18:07:35 +02:00
Swissky
4abd52697f MSSQL Agent Command Execution 2022-03-10 11:05:17 +01:00