Latest lab write-up. Came out a bit long but very informative.
https://medium.com/@marduk.i.am/blind-sql-injection-with-conditional-responses-46ee90b5f2c0
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #Portswigger
Codeby.Games. CTF TASK «СМС»/«SMS»
Greetings to all fans of CTF and ethical hacking on the Red Team side! In this article we will walk through the easy task «СМС» («SMS»), developed by the pentesters of the Codeby.Games team. Background: codeby.games is a Russian freemium web project where anyone can practise and sharpen offensive cybersecurity skills. The tasks cover a wide range, from the use of OSINT methods to the compromise of a training Active Directory domain. CTFs are divided into three groups, «Easy», «Medium» and «Hard», across various categories. More details are available on the project's official website. So, let's begin. The «СМС» task is in the «Quests» category.
It's been a while but here is another SQLi lab. Enjoy!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
I wrote a quick #blogpost on #ntlm authentication with #sqlmap using #burpsuite proxy.
https://bbence.me/blog/2025-03-09_ntlm_auth/
I did this as a workaround, since the `python-ntlm` package that SQLMap wants still uses Python 2's syntax for some reason and SQLMap does not like that.
🏢 SQLI is hiring a Data Engineer
Location: 🇲🇦 Rabat, Morocco
#DataScience #DataScientist #tech #JobSearch #GetFediHired #HashyJobs #SQLI
https://datasciencejobs.com/jobs/data-engineer-sqli-morocco-2/
🏢 SQLI is hiring a Data Scientist
Location: 🇲🇦 Rabat, Casablanca, Morocco
#DataScience #DataScientist #tech #JobSearch #GetFediHired #HashyJobs #SQLI
https://datasciencejobs.com/jobs/data-scientist-sqli-morocco-1/
Remote Code Execution via SQL injection in Zabbix (CVE-2024-42327)
On 27 November 2024 a critical vulnerability was identified in Zabbix with a CVSS score of 9.9, an SQL injection in one of the Zabbix API endpoints. The vulnerability allows an attacker with access to the API to execute arbitrary SQL queries. Under certain Zabbix settings that permit remote command execution through agents, this vulnerability can be used to fully compromise the infrastructure monitored by Zabbix.
A series of vulnerabilities in Mazda car systems concerning the Connectivity Master Unit
Longer-standing readers probably remember the vulnerability in Nissan and Mazda cars that caused the audio system to reboot. Mazda again has problems related to bugs in the Mazda Connect Connectivity Master Unit (CMU), which runs the Linux operating system and is installed in many of this manufacturer's car models. The bugs were discovered by researchers...
#WBiegu #Cve #Mazda #Rce #Sqli
https://sekurak.pl/seria-podatnosci-w-systemach-samochodow-mazda-dotyczaca-connectivity-master-unit/
SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level - @pspaul
SQL injection attacks exploit vulnerabilities in web applications that fail to properly sanitize user input, allowing attackers to inject malicious SQL code into database queries.
In the past, they were as prevalent as can be when it comes to web app vulnerabilities, but recent advances in web servers' default configurations and protection mechanisms have made them harder to exploit. This is evident by their ranking in the well-known OWASP Top 10 project.
However, in this talk, Paul shows an exciting new avenue for these vulnerabilities — attacking the underlying protocol!
When it comes to databases today like PostgreSQL, MySQL, Redis and MongoDB, servers communicate with them over the wire using a binary protocol. This binary protocol is TLV-based: first, the type of message, then its length, and finally, the value. So your SQL query is actually embedded within such a "packet".
While these binary protocols are commonplace in web servers' communication with peripherals, Paul focused on databases, and specifically how the length field of a message is handled by libraries when it receives a very large message, namely, more than the size that could fit in a 32-bit field.
He discovered that prominent open-source packages handling connecting and querying PostgreSQL and MongoDB, upon receiving a message longer than 2^32 bytes, calculate the length of the message correctly while truncating it to 32-bit before writing the length field.
This means that a message just over 2^32 bytes arrives at the database prepended with a length field which is very small, leaving the rest of the message to be accidentally parsed as packets! This gives a theoretical attack full control over queries.
While data exfiltration is almost not possible (the application usually returns the result of the first query), attackers can simply add a new user with high privileges to the database and use it to steal data.
On discovery, Paul wasn't satisfied with the vulnerability's exploitability — a potential attacker wouldn't know exactly the server's query and where the malicious payload is embedded, they have to send multiple 2GB queries, making the exploit very long and noisy. Through some nice tricks, borrowed from the world of shellcodes, he managed to reduce the attack process to at most 2 tries!
This research avenue still has a lot of possibilities open — Paul only scratched the surface. Binary protocols are used extensively for communication with many other applications like logging, storage, queues and caches. Even for databases — just a subset were inspected.
An enlightening talk, showing how productive it can be to take an approach and techniques used in one area of vulnerability research (in this case HTTP desync attacks by James Kettle) and apply it to a completely different domain.
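The length-truncation bug the post describes, as an added example that is not from the talk nor from any of the libraries it mentions: a constructed toy TLV encoder and parser whose length-field width is a parameter, so the 2^32 case is shown with a 2-byte field (2^16) without building a multi-gigabyte message; the checked encoder is the fix a client library needs.

```python
# Added example (not from the talk or any real driver): toy TLV framing with
# 1-byte type, big-endian length of `width` bytes, then the value. A 2-byte
# field reproduces the 32-bit wrap-around with the same arithmetic.

def encode_frame_truncating(msg_type: int, value: bytes, width: int) -> bytes:
    """Buggy client encoder: correct len(), silently truncated to the field width."""
    mask = (1 << (8 * width)) - 1
    return bytes([msg_type]) + (len(value) & mask).to_bytes(width, "big") + value

def encode_frame_checked(msg_type: int, value: bytes, width: int) -> bytes:
    """Fixed client encoder: refuse a value the length field cannot represent."""
    if len(value) >= 1 << (8 * width):
        raise ValueError(f"{len(value)} bytes do not fit a {width}-byte length field")
    return bytes([msg_type]) + len(value).to_bytes(width, "big") + value

def parse_frames(stream: bytes, width: int) -> list:
    """Server-side framing: split the byte stream into (type, value) frames."""
    frames, pos = [], 0
    while pos + 1 + width <= len(stream):
        msg_type = stream[pos]
        length = int.from_bytes(stream[pos + 1:pos + 1 + width], "big")
        start = pos + 1 + width
        frames.append((msg_type, stream[start:start + length]))
        pos = start + length
    return frames

def build_oversized_value(width: int) -> bytes:
    """Constructed sample: an 8-byte query text followed by exactly 2^(8*width)
    more bytes, so the truncated length field reads 8 and the tail is re-framed."""
    field_size = 1 << (8 * width)
    query = b"SELECT 1"                                       # what the app meant to send
    second = encode_frame_checked(ord("Q"), b"tail", width)   # frame-shaped tail bytes
    filler = encode_frame_checked(0, b"\x00" * (field_size - len(second) - 1 - width), width)
    return query + second + filler

def demo(width: int = 2) -> list:
    """Frames the server sees when the buggy encoder sends the oversized value."""
    value = build_oversized_value(width)
    return parse_frames(encode_frame_truncating(ord("Q"), value, width), width)

if __name__ == "__main__":
    for msg_type, value in demo():      # one intended frame becomes three
        print(msg_type, len(value), value[:8])
```

With the checked encoder the same oversized value is rejected before it reaches the wire, which is the only place a client can stop the desync.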
Latest SQLi lab write-up. Hope you find it useful!
#BugBounty #bugbountytips #SQL #SQLI #injection #informationsecurity #PortswiggerLabs
And now the last talk before the afternoon break is Paul Gerste of Sonar who will show us that SQL-i #sqli isn’t dead in “SQL injection isn’t dead: Smuggling Queries at the Protocol level” at, of course, @hack_lu #hacklu2024
Happening 15:30: "SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level"
SQL Injection Cheat Sheet 💉
🔖#infosec #cybersecurity #hacking #pentesting #security #sqli
SQLI Deutschland GmbH from Dortmund donated around 40 laptops that the company no longer uses.
The photo shows, from left to right, Lynn Haustov, Annika Ekici, Armin Cibulski (Labdoo Hub Iserlohn), Christian Schacht (managing director) and Patrick Heinrich (IT), all from SQLI.
Many thanks for your IT donation https://platform.labdoo.org/de/content/dootronics-dashboard?search=SQLI (more laptops are still to come).
#labdoo #sqli #dortmund #phoenixsee #laptop #spende #danke
#WordPress: CVE-2024-8522 & CVE-2024-8529 (CVSS 10): #LearnPress plugin SQL Injection (#SQLi) #Vulnerability Leaves 90K+ WordPress Sites at Risk:
👇
https://securityonline.info/cve-2024-8522-cvss-10-learnpress-sqli-flaw-leaves-90k-wordpress-sites-at-risk/
Bypassing Airport Security via SQL Injection
The article reveals a SQL injection vulnerability in FlyCASS, used for airport security checks. By exploiting it, attackers could bypass TSA screenings and gain unauthorized access to restricted areas.