What is a SQL injection attack in a web application?
SQL injection is a web security vulnerability that allows an attacker to interfere with the queries an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. This might include data belonging to other users, or any other data that the application itself can access.
1. SQL injection is a code injection technique that could destroy your database.
2. SQL injection is one of the most well-known web hacking techniques.
What are the types of SQL injection?
- Error-based SQL injection
- Blind SQL injection
Below is a list of SQLi writeups from top hackers worldwide:
- My Bug Bounty Journey and My First Critical Bug — Time Based Blind SQL Injection
- Exploiting Blind Postgresql Injection And Exfiltrating Data In Psycopg2
- How i got easy $$$ for SQL Injection Bug
- Turning Blind Error Based SQL Injection into Exploitable Boolean One
- Interesting case of SQLi
- Error-Based SQL Injection on a WordPress website and extract more than 150k user details
- SQL Injection & Remote Code Execution - Double P1
- Accessing the website directly through its IP address, a case of a poorly hidden sql injection
- How to contact Google SRE: Dropping a shell in cloud SQL
- From SQL Injection to Hall Of Fame
- How I got 450$ just in one Google search (SQLi + RXSS)?
- Blind SQL Injection at fasteditor.hema.com
- From Host Header injection to SQL injection
- Patched Zoom Exploit: Altering Camera Settings via Remote SQL Injection
- Bug Bounty in Lockdown (SQLi and Business Logic)
- HUNT for SQL Injection- The Smart Way!
- Utilizing Lockdown: Blind Sqli leads to Account Takeover & Data Extraction
- Story of Blind SQL with a type error.
- [Bug Bounty Writeups] Exploiting SQL Injection Vulnerability
- Tricky Oracle SQL Injection Situation
- Akamai Web Application Firewall Bypass Journey: Exploiting “Google BigQuery” SQL Injection Vulnerability
- SQL Injection Via Stopping the redirection to a login page
- Finding SQL injections fast with white-box analysis — a recent bug example
- Bug Bounty: Bypassing a crappy WAF to exploit a blind SQL injection
- U.S. Department of Defense - Info Disclosure and SQLi Writeup
- SQL Injection in private-site.com/login.php
- Exploiting a Tricky Blind SQL Injection inside LIMIT clause
- SQL Injection in Forget Password Function
- SQL Injection Bug Bounty POC!
- Blind (time-based) SQLi - Bug Bounty
- SQl Injection
- SQL injection through User-Agent
- Comma is forbidden! No worries!! Inject in insert/update queries without it
- SQL injection for $50 bounty, but still worth reading!!
- Abusing MySQL clients to get LFI from the server/client
- Authentication Bypass Using SQL Injection AutoTrader Webmail – Bug Bounty POC
- ZOL Zimbabwe Authentication Bypass to XSS & SQLi Vulnerability – Bug Bounty POC
- SQL Injection Vulnerability bootcamp.nutanix.com | Bug Bounty POC
- SQL Injection Vulnerability In University Of Cambridge
- Making a Blind SQL Injection a Little Less Blind
- SQL Injection and A silly WAF
- Attacking PostgreSQL Database
- Bug Bounty at Bangladeshi Site.
- #BugBounty —” Database hacked of India’s Popular Sports company”-Bypassing Host Header to SQL injection to dumping Database — An unusual case of SQL injection.
- Union Based Sql injection Write up ->A private Company Site
- SQL injection with load file and into outfile
- SQL in everywhere.
- SQL injection in an UPDATE query - a bug bounty story!
- SQL Injection On MEGA.NZ
- Blind SQL Injection [Hootsuite]
- Yahoo – Root Access SQL Injection – tw.yahoo.com
- Step-by-step: exploiting SQL injection(s) in Oculus’ website.
- Magix Bug Bounty: magix.com (RCE, SQLi) and xara.com (LFI, XSS)
- Tesla Motors blind SQL injection
- SQL injections in Nokia sites.
If you want to submit your writeup to the list, submit here.