Overview
Write Ups Compilations/Resources
Main Resources
Labs
Cross Site Request Forgery
- Cross Site Request Forgery (CSRF)
Missing Access Controls
- Missing Access Controls
LFI / Directory Traversal
- Local File Inclusion
XXE
- XML External Entity (XXE)
Injection
SSRF
- Server-Side Request Forgery (SSRF)
  - SSRF Write-ups
  - Source Code Review
Unvalidated Redirects and Forwards
- Unvalidated Redirects and Forwards
  - Writeups
  - Source Code Examples
Verbose Error Messages and Stack Traces
- Verbose Error Messages and Stack Traces
  - Write-ups

Powered by GitBook

On this page

Resources
Tools

Was this helpful?

Injection

SQL Injection

Resources & Tools

PreviousLabs NextServer-Side Request Forgery (SSRF)

Last updated 4 years ago

Was this helpful?

Resources

See the OWASP code review guide Section A1
- by NGS
- Black Hat Pdf
Kevin Spett from SPI Dynamics:

Tools

Burpsuite

in Python

in Perl

in Python

in Perl

https://portswigger.net/web-security/sql-injection/blind

https://owasp.org/www-community/attacks/Blind_SQL_Injection

https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf

more Advanced SQL Injection

Blind SQL Injection Automation Techniques

Blind Sql-Injection in MySQL Databases

Cgisecurity.com: What is Blind SQL Injection?

http://www.net-security.org/dl/articles/Blind_SQLInjection.pdf

http://www.imperva.com/resources/whitepapers.asp?t=ADC

Advanced SQL Injection

https://dev.mysql.com/doc/refman/8.0/en/select.html

SQL Power Injector

Absinthe :: Automated Blind SQL Injection

SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer

SQLiX - SQL Injection Scanner

sqlmap, automatic SQL injection tool

bsqlbf, a blind SQL injection tool