I'm beat - HTB slapped me in the face and told me what it thought of me. Maybe Monday it'll like me more, but I'll tell you what: I still suck at SQL injections despite hours of studying.

Night all.


@KillrBunn3 use of sqlmap helped me greatly with SQL injections. However, thanks to Cloudflare (WAF) and of course PDO (prepared statements), it's a lot harder to do these nowadays!

@Guillaume Right now the thing helping me most is using Burp with an encoding extension (or CyberChef). My issue was with how many SQL variations there are; I'm super familiar with Spark and MySQL, but I know jack about Oracle and such. The differences between them are really tripping me up.

@KillrBunn3 Oh, I've never been attacking Oracle nor run Oracle on products. But I get your point. There are indeed small differences which make exploitation to some extent different. I like Burp a lot! I will look at CyberChef. Most researchers attacking my products (on bounty programs) use Burp!

@Guillaume Sounds like I'm going in the right direction ;) and CyberChef mostly just helps with getting things decoded or encoded; it's a fantastic tool though.

@KillrBunn3 Yeah. Just tested it; it removes the middle man of having to code the encoding/decoding/other stuff yourself, which is good to focus faster on breaching into things! Here my main worry is usually people succeeding in remote execution, but SQL injections are also at the top of the list. So yep, I think you are on the right track hehe.
