Burpsuite/SQL Injection: Difference between revisions
From charlesreid1
| Line 11: | Line 11: | ||
==UNION Attacks== | ==UNION Attacks== | ||
{{Main|SQL Injection/UNION Attack}} | |||
==Examining Databases== | ==Examining Databases== | ||
Revision as of 18:41, 10 March 2022
Main article: SQL Injection
This page contains notes on how to use Burp Suite to perform SQL injection attacks.
Basics
Hidden Data Attacks
Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data
UNION Attacks
Main article: SQL Injection/UNION Attack
Examining Databases
Resources
Links
Port Swigger Burp Suite training material:
- What is SQL injection? https://portswigger.net/web-security/sql-injection
- SQL injection union attacks: https://portswigger.net/web-security/sql-injection/union-attacks
- Examining the database: https://portswigger.net/web-security/sql-injection/examining-the-database
- Blind SQL injection: https://portswigger.net/web-security/sql-injection/blind
- Cheat sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet