SQL Injection
Guides and Resources
SQL Injection Vulnerabilities - Bug Bounty Hunting Essentials, pg 29
SQL Injection tool that can spawn a meterpreter or VNC session back to attacker. Can return a decent number of false positives. Always verify. If you do not specify a value, SQLmap will attempt all by default
SQLMate - Companion tool for SQLMap
Maps out and locates admin panel
Query dorking for finding targets
hash lookup
RTFM: SQLMap - pg. 71
Operator Handbook: SQLMap - pg. 284
Other Tools
SQL Basics
pageSQL BasicsAttack Techniques
Manual Injection Methodology
pageManual Injection MethodologyLast updated