Learning SQL Injection Through PortSwigger Labs (Beginner to Blind SQLi)
This article outlines an SQL injection tutorial using PortSwigger Labs, with the goal of progressing from basic SQLi to blind SQL injection. The training platform provides a simple login page with an injectable email field. The researcher discovered the SQL injection by inserting single quotes into the email field, which triggered an error revealing the presence of SQL code in the application's response. The attack vector involved sending payloads containing single quotes, semicolons, and SQL keywords such as UNION and SELECT. The mechanism is that the application does not sanitize user input, which allows injected SQL commands to manipulate the underlying database. The impact includes access to sensitive data, modification of records, and execution of arbitrary commands. The tutorial offers a series of challenges that gradually build mastery of SQL injection techniques and tools such as Burp Suite's Intruder. Proper mitigation requires sanitizing user-supplied data, parameterizing queries, and using prepared statements. Key lesson: learn SQL injection techniques and tools to prevent data breaches and unauthorized data manipulation. #SQLInjection #Cybersecurity #WebSecurity #PortSwiggerLabs #Infosec

https://fuzzyyduck.medium.com/learning-sql-injection-through-portswigger-labs-beginner-to-blind-sqli-7dd78070afd6?source=rss------bug_bounty-5

A practical walkthrough of SQL injection techniques, including login bypass, UNION attacks, and blind SQLi.

Visible Error-Based SQL Injection

A PortSwigger Lab

Blind SQL Injection with Conditional Errors

A PortSwigger Lab

SQL Injection UNION Attack, Retrieving Multiple Values in a Single Column

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data…

Cancelling before #OffSec renewal: 'Although much progress has been made over the bad old days of offline only content and no support, the quiz platform and labs are too flaky and actually impair focus (I cannot sit and stare at a timer, idle for 45 sec!). In one module I found the free #PortswiggerLabs much more useful and helpful than the OffSec material. I will run out my year and try to do a little more, but I was never an OSCP candidate and need to focus on other things in the years to come. Cheers!'
SQL Injection UNION Attack, Retrieving Data from Other Tables

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data…

SQL Injection UNION Attack, Finding a Column Containing Text

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data…

SQL Injection UNION Attack, Determining the Number of Columns Returned by the Query

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data…

SQL Injection Attack, Listing the Database Contents on Oracle

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data…

SQL Injection Attack, Listing the Database Contents on Non-Oracle Databases

This lab contains a SQL injection vulnerability in the product category filter. The results from the query are returned in the application’s response, so you can use a UNION attack to retrieve data…
