Hello everyone,
Well it’s been a while since I’ve posted something so here we go.
I’ve been in a lot of different hacking communities for a long time and as usual most of them are filled with skids that would only memorize the queries shared by others, so if you’re one of these ones looking for a “new l337 query to hax0r everybody” then get out of here.
Continue reading “How does Xpath Injection Work + Modifications – Explained”
Hello everyone,
My friend Cyde and I have been looking at a project it’s been few days and we found a lot of Sql Injection vulnerabilities where most of the statements where INSERT Statements and not the usual SELECT. Now I know that most people think that these kinds of injections are difficult and hard to deal with and that’s why in this Tutorial I’ll explain how to handle 4 different techniques of injection.
The information
Continue reading “INSERT Statement Sql Injection – Advanced – Tutorial”
Hey everyone,
So I guess it’s time to learn something juicy about Postgresql.
If you’re injecting a Website based on a Postgresql database then you might wanna check your privileges because this will simply allow you to use lots of interesting Postgresql Functions in case you could:
You can find most of these functions in here: http://www.postgresql.org/docs/9.4/static/functions-admin.html
What we will be covering in this Tutorial is related to reading Log/Config Files, so lets just get started.
Continue reading “Reading Log Files in Postgresql Sql Injection – Tutorial”
Hey guys,
Okay, today we’re going to read files just the way we do it in MySql Injection using LOAD_FILE but in MsSql Injection using OPENROWSET. This is simple but very effective and it’s something that wasn’t shared before so lets just get started.
Continue reading “Reading Files in MsSql Injection – Tutorial”
Hello everyone,
Apparently, 3 weeks ago or so, I found a Critical Vulnerability in AVG’s official website; A Blind Sql Injection.
The Vulnerability has been reported and got fixed as far as I know and here’s some info about it:
Continue reading “AVG Hacked – Blind Sql Injection – Vulnerability Fixed – Explained”
dotcppfile's Blog 