How does Xpath Injection Work + Modifications – Explained

Hello everyone,

Well it’s been a while since I’ve posted something so here we go.

I’ve been in a lot of different hacking communities for a long time, and as usual most of them are filled with skids who only memorize the queries shared by others. So if you’re one of those looking for a “new l337 query to hax0r everybody”, then get out of here.

INSERT Statement Sql Injection – Advanced – Tutorial

Hello everyone,

My friend Cyde and I have been looking at a project for a few days, and we found a lot of Sql Injection vulnerabilities where most of the statements were INSERT statements and not the usual SELECT. Now I know that most people think that these kinds of injections are difficult and hard to deal with, and that’s why in this tutorial I’ll explain how to handle 4 different techniques of injection.

The information

  • Database/Table


Sql Injection in a Download PHP Script leading to LFI – Tutorial

Hello everyone,

The title says it: we’re going to sql inject a vulnerable Download PHP Script, which will allow us later on to read files on the server.
This whole thing started with a Challenge posted on HF by SirRootALot that was only solved by 2 members including me, which is kind of awkward, and since a lot of people asked for an explanation I decided to make a tutorial.

Reading Log Files in Postgresql Sql Injection – Tutorial

Hey everyone,

So I guess it’s time to learn something juicy about Postgresql.
If you’re injecting a website based on a Postgresql database, then you might want to check your privileges, because if you have them you can use lots of interesting Postgresql functions.
You can find most of these functions here: http://www.postgresql.org/docs/9.4/static/functions-admin.html

What we will be covering in this tutorial is related to reading log/config files, so let’s just get started.

Reading Files in MsSql Injection – Tutorial

Hey guys,

Okay, today we’re going to read files in MsSql Injection using OPENROWSET, just the way we do it in MySql Injection using LOAD_FILE. This is simple but very effective, and it’s something that wasn’t shared before, so let’s just get started.

Tortilla – TOR… ALL THE THINGS – Tutorial

This tutorial is about the usage of Tortilla with Tor and how to bypass all the problems and errors people are facing with Tortilla.

Hello,

TOR > VPNs and Proxies so whatever. Enough said, now let’s get started.

Blind Postgresql Sql Injection – Tutorial

Hello everyone,
I just realized that there is no Advanced Postgresql Blind Sql Injection tutorial around the Internet, and that’s why I decided to make this.
There’s a lot to learn; it took me some time to get things working just fine.
We have a live target: http://www.must.edu.eg/Reports/College_TT.php?College_Id=7

This tutorial consists of letting you know everything you have to know about Postgresql Sql Injection and much more when it comes to Blind Postgresql Sql Injection.
I tried to Sql Inject this target using popular tools such as Havij and Sqlmap, but they failed while CppSqlInjector succeeded.
Take your time to read; it’s kind of confusing if you’re not familiar with Postgresql, but I did add a lot of information in here that should be really useful to everyone.
