Tech Articles

SQL Commands – Minimal Cheatsheet 2020

SQL is a standard language for accessing and manipulating databases. Although SQL is an ANSI/ISO standard, there are different versions of the SQL language. However, to be compliant with the ANSI standard, they all support at least the major commands (such as SELECT, UPDATE, DELETE, INSERT, WHERE) in a similar manner. DELETE – DELETE statements […]

Tech Articles

4 Best ways to Prevent SQL Injection Vulnerability [PHP]

SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations. It is perhaps one of the most common application layer attack techniques used today. It is the type of attack that takes advantage of improper coding of your web applications that allows hacker to inject SQL commands […]

Tech Articles

SQL Injection Prevention – A Practical Approach

SQL injection is a technique, used to attack data-driven applications. Using this method, hackers will try to execute their SQL statements within your application and access your database data. Here is an example SQL injection. Let’s consider you have a login form with two fields – username (text field) and password (password field). Upon login, […]

Tutorials

Privilege Escalation via SQL Injection in Joomla 3.8.3 – Live Exploitation

It is common knowledge that there are bad people attacking systems on the Internet, regardless of the nature of the business. As a defensive countermeasure, organizations put their trust in solutions for defense from these cyber threats. The problem with this strategy is the vendor is not the victim of an attack and doesn’t absorb […]

Tech Articles

Simple Tips to Prevent SQL Injection Vulnerability

As seen from the previous articles, SQL injection has the ability to attack a web server database, compromise critical information, and expose the server and the database to a variety of malicious exploits; however, there are measures that can be applied to mitigate SQL injection attacks. Use of these practices does not guarantee that SQL […]

Tech Articles

The Top Security Vulnerabilities

Unvalidated data Never trust anything you get from a Web browser. The browser is completely outside of your control, and it’s easy to fake values like the HTTP referrer. It’s also easy to fake a hidden field in a form. More importantly, when dealing with forms, for example, validate the data carefully. Use a “deny all, […]

Tutorials

SQL Injection – A Complete Understanding Tutorial

SQL injection is an attack to circumvent scripts using SQL queries, as is often the case on websites, and especially for user authentication systems. [#] Introduction – SQL, or Structured Query Language, is a Standard and standardized computer pseudo-language, intended to interrogate or manipulate a relational database – Wikipedia. Today, with the development of dynamic […]

Q&A

Top 40 XSS (Cross Site Scripting) Revision Questions with Answers

The below questions and answers are designed to both measure your understanding of the concepts of XSS -Cross Site Scripting Attacks and Prevention. Q1: What is the difference between HTML Injection and XSS? A: Both of them refer to exactly the same thing. In one of the situations, the attacker injected valid HTML tags, while […]

Tutorials

Advanced Error Based SQL Injection Exploitation – Manually

Previously we exploited a SQL injection vulnerable website with one of the most popular automated tool called as SQLMAP and now in this article, we’ll try to exploit the similar vulnerable website manually with Error based SQL Injection attack. SQL Injection (aka Structured Query Language Injection) is the first step in the entry to exploiting […]

Tutorials

SQLiv – Massive SQL Injection Scanner

SQL injection is one of the most prominent vulnerabilities for web-based applications. In last article, we’ve used viSQL through which we scanned the whole server for SQL Injection vulnerabilities with the help of Crawling and Reverse IP domain check feature. Today we’ll discuss about SQLiv tool which is a massive SQL Injection scanner through which […]

Tutorials

Scan SQL Injection vulnerability on whole server

SQL injection occurs when an application processes user-provided data to create an SQL statement without first validating the input and then submits the statement to a database server for execution. When successfully exploited, SQL injection can give an attacker the means to access back-end database content, remotely execute system commands and in some circumstances, take control of the server that is hosting […]