🌄
Shikata Ga Nai
  • Shikata Ga Nai
  • General
  • Gaining Access
    • Nmap
    • Reverse Shell
    • Password Cracking
    • Other Services
      • 21 - FTP
      • Enumerating SMB
    • Web
      • Web Enumeration
      • XSS
      • File Inclusion
      • SQL Injection
  • Linux Foothold
    • Linux Tricks
    • Privesc
  • Windows Foothold
    • Privesc
  • Binary
    • Calling Conventions
    • Debuggers
    • Examining Binaries
    • Shellcoding
    • Bypassing Exploit Mitigation Techniques [Linux]
  • Stego
    • Stego tools
Powered by GitBook
On this page

Was this helpful?

  1. Gaining Access
  2. Web

SQL Injection

A nice way to check for this vulnerability is to input a quote and see if something goes wrong.

SQL injection can be used to bypass login, but it can also be used to gather information. Of the things you can discover:

  • The data itself.

  • Enumerate other tables.

  • Amount of rows and columns.

  • The version of the DB.

  • The user that runs the queries

Notes

Some DBs are configured to be able to interact with the OS! You can load and write to files.

The code may expect one query, so when injecting queries a LIMIT can be added.

PreviousFile InclusionNextLinux Tricks

Last updated 4 years ago

Was this helpful?