SQL Injection

April 18, 2017

The Color Of My Hat

Somebody has to wear the black hat and give the audience someone to shake their fists at. They want someone to hate. And if that's what you want to pay me to do, I'm happy to do it! – Jane Elliot. If you're not familiar with the concept of Hats in hacking, you're probably at the wrong place.


February 6, 2016

Blinded by the Light

A few days ago, a friend asked me to solve two SQL Injection challenges on WeChall. At first, I thought this would be some regular SQL injection, but I was wrong. Actually, these were quite good, with some tricky rules making a great case scenario. So, I've decided to do a write-up and blow some dust off my blog.


October 15, 2015

[Without Quotes] String Based SQL Injection

Today, I'm going to discuss a special case of string-based SQL injection where you can perform the injection without the use of quotes. You heard it right, absolutely no quotes at all in string-based injections. This may come in handy if the quotes are blocked.
