📙
AppSec
  • Overview
  • Write Ups Compilations/Resources
  • Main Resources
  • Labs
  • Cross Site Request Forgery
    • Cross Site Request Forgery (CSRF)
      • Write-ups
      • Source Code Examples
      • Labs
  • Missing Access Controls
    • Missing Access Controls
      • Write-ups
      • Source Code Examples
      • Resources
      • Testing Tips
  • LFI / Directory Traversal
    • Local File Inclusion
      • Local File Inclusion Writeups
      • Source Code Examples
      • Labs
  • XXE
    • XML External Entity (XXE)
      • Write-ups
      • Source Code Examples
      • Labs
      • More Writeups
      • Payloads
      • Resources
  • Injection
    • Command Injection
      • Writeups
    • Server-Side Template Injection
      • Server-Side Template Injection Writeups
      • More Write-ups
      • Source Code Examples
      • Labs
      • Resources
      • Payloads
      • Tools
    • SQL Injection
      • SQLI Write-ups
      • Source Code Examples
      • More Write-ups
      • Labs
      • Resources & Tools
  • SSRF
    • Server-Side Request Forgery (SSRF)
      • SSRF Write-ups
      • Source Code Review
  • Unvalidated Redirects and Forwards
    • Unvalidated Redirects and Forwards
      • Writeups
      • Source Code Examples
  • Verbose Error Messages and Stack Traces
    • Verbose Error Messages and Stack Traces
      • Write-ups
Powered by GitBook
On this page
  • Resources
  • Tools

Was this helpful?

  1. Injection
  2. SQL Injection

Resources & Tools

Resources

  • https://portswigger.net/web-security/sql-injection/blind

  • https://owasp.org/www-community/attacks/Blind_SQL_Injection

  • https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

  • See the OWASP code review guide Section A1 https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf

  • more Advanced SQL Injection - by NGS

  • Blind SQL Injection Automation Techniques - Black Hat Pdf

  • Blind Sql-Injection in MySQL Databases

  • Cgisecurity.com: What is Blind SQL Injection?

  • Kevin Spett from SPI Dynamics:

    • http://www.net-security.org/dl/articles/Blind_SQLInjection.pdf

    • http://www.imperva.com/resources/whitepapers.asp?t=ADC

    • Advanced SQL Injection

  • https://dev.mysql.com/doc/refman/8.0/en/select.html

Tools

  • SQL Power Injector

  • Absinthe :: Automated Blind SQL Injection

  • SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer in Python

  • SQLiX - SQL Injection Scanner in Perl

  • sqlmap, automatic SQL injection tool in Python

  • bsqlbf, a blind SQL injection tool in Perl

  • Burpsuite

PreviousLabsNextServer-Side Request Forgery (SSRF)

Last updated 4 years ago

Was this helpful?