Burpsuite/SQL Injection: Difference between revisions
From charlesreid1
| Line 15: | Line 15: | ||
==Examining Databases== | ==Examining Databases== | ||
{{Main|SQL Injection/ | {{Main|SQL Injection/UNION Attack}} | ||
=Resources= | =Resources= | ||
Revision as of 21:33, 14 March 2022
Main article: SQL Injection
This page contains notes on how to use Burp Suite to perform SQL injection attacks.
Basics
Hidden Data Attacks
Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data
UNION Attacks
Main article: SQL Injection/UNION Attack
Examining Databases
Main article: SQL Injection/UNION Attack
Resources
Links
Port Swigger Burp Suite training material:
- What is SQL injection? https://portswigger.net/web-security/sql-injection
- SQL injection union attacks: https://portswigger.net/web-security/sql-injection/union-attacks
- Examining the database: https://portswigger.net/web-security/sql-injection/examining-the-database
- Blind SQL injection: https://portswigger.net/web-security/sql-injection/blind
- Cheat sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet