Burpsuite/SQL Injection: Difference between revisions
From charlesreid1
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
{{Main|SQL Injection}} | {{Main|SQL Injection}} | ||
This page contains notes on how to use Burp Suite to perform SQL injection attacks. | |||
=Basics= | |||
==Hidden Data Attacks== | |||
Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data | |||
==UNION Attacks== | |||
==Examining Databases== | |||
Revision as of 18:59, 9 March 2022
Main article: SQL Injection
This page contains notes on how to use Burp Suite to perform SQL injection attacks.
Basics
Hidden Data Attacks
Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data
UNION Attacks
Examining Databases
Resources
Links
Port Swigger Burp Suite training material:
- What is SQL injection? https://portswigger.net/web-security/sql-injection
- SQL injection union attacks: https://portswigger.net/web-security/sql-injection/union-attacks
- Examining the database: https://portswigger.net/web-security/sql-injection/examining-the-database
- Blind SQL injection: https://portswigger.net/web-security/sql-injection/blind
- Cheat sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet