SQL Injection Leads to dump the Student PII ⌘ Read more
Simple, minimal SQL database migrations written in Go with generics. Std lib database/sql and SQLX supported OOTB
I built GoSMig for personal projects and open-sourced it. It’s a tiny library for writing migrations in Go (compile-time checks via generics). Supports both transactional and non-transactional steps, rollback, status/version commands, and a built-in CLI handler so you can ship your own tool.
- Zero dependencies (std lib; golang.org/x/term used for pager support)
- database/sql and sqlx supported out of the box, others w … ⌘ Read more
How I Mastered Blind SQL Injection With One Simple Method
Transforming my web security skills by learning to listen to a silent database
[Continue reading on InfoSec Write-ups »](https://infosecwriteups.com/how-i-mastered-blind-sql-injection-w … ⌘ Read more
The Critical $1000 Bug:(blind SQL injection) ⌘ Read more
SQHell: Manually hunting SQL injection with detailed explanation ⌘ Read more
↳
In-reply-to
»
is it normal for my yarn pod mentions tab to be totally empty because it's been like this from the start
⤋ Read More
@kat@yarn.girlonthemoon.xyz @kat@yarn.girlonthemoon.xyz Pretty sure I have many more mentions in the database than the one and only one I see hmmm 🤔 – I’ll have a look at the code when I can and the SQL query it’s using
How Reladiff Works - A Journey Through the Challenges and Techniques of Data Engineering with SQL
Comments ⌘ Read more
AI-Powered SQLMap: Smarter SQL Injection Testing Guide ⌘ Read more
Exploiting Unsanitized URL Handling & SQL Injection via Deep Links in iOS App: Write-up of Flipcoin ⌘ Read more
Open Source SQL Workbench Says “No Republicans Allowed!”
The Apache licensed SQL query tool says Republicans (and many others) are not welcome to use their software due to “despicable politics” and “contempt for human rights.” ⌘ Read more
Mastering SQL Injection Recon: Step-by-Step Guide for Bug Bounty Hunters
A practical guide to uncovering SQL injection flaws using automation, payloads and deep reconnaissance techniques.
[Continue reading … ⌘ Read more
$4,500 Bounty: SQL Injection in WordPress Plugin Leads to PII Exposure at Grab
How a Plugin Preview Feature Exposed User Data and Nearly Enabled Admin Dashboard Pivoting
[Continue reading on Info … ⌘ Read more
Millions of Records Exposed via SQL Injection in a Tamil Nadu Government Portal ⌘ Read more
** How Hackers Bypass Login Pages with SQL, Logic Flaws, and Headers **
Welcome to the underworld of cybersecurity! 🌐 In this blog, we dive deep into how hackers bypass login pages — the digital gatekeepers of…
[Continue rea … ⌘ Read more
↳
In-reply-to
»
Also spent the morning continuing to think about a new design for EdgeGuard's WAF. I'm basically going to build an entirely new pluggable WAF that will be designed to only consider Rate Limiting, IP/ASN-based filtering, JavaScript challenge handling, Basic behavioral analysis and Anomaly detection.
⤋ Read More
One thing about my design here is that it would no longer incorporate “regex”-based rules like OWASP, mostly because my experience thus far has taught me that these rules are kind of overly sensitive, produce false positives and I’m not sure they are really very effective. For example, why is the point of performing SQL injection detection at the Edge using a WAF if you already handle SQL properly in the first place? (seriously does anyone still construct SQL queries by hand with effectively printf?!)
A Guide to SQL Injection Attacks: Hackers Don’t Want You to Know This!
Imagine your website as a big toy box filled with treasures — like user info, passwords, or blog posts — and you’ve got a robot helper…
[Contin … ⌘ Read more
Time-Based Blind SQL Injection: “Hack the Clock” ⌘ Read more
↳
In-reply-to
»
Test
⤋ Read More
I was trying to optimize the SQL query used for the Compact FrontPage (anonymous view for Discovery when the Admin/Operator chooses “one twt per feed”).
SQL scares me i tweaked a bash script that pulled from a DB and the bash part was easy even if i was just going off of the code in there that i didn’t write (like i understood it at least) but the SQL parts had me suffering
@lyse@lyse.isobeef.org OK. So how I have worked things like this out is to have the interface in the root package from the implementations. The interface doesn’t need to be tested since it’s just a contract. The implementations don’t need to import storage.Storage
- storage/ defines the
Storageinterface (no tests!)
- storage/sqlite for the sqlite implementation tests for sqlite directly
- storage/ram for the ram implementation and tests for RAM directly
- storage/sqlite for the sqlite implementation tests for sqlite directly
- controller/ can now import both storage and the implementation as needed.
So now I am guessing you wanted the RAM test for testing queries against sqlite and have it return some query response?
For that I usually would register a driver for SQL that emulates sqlite. Then it’s just a matter of passing the connection string to open the registered driver on setup.
https://github.com/glebarez/go-sqlite?tab=readme-ov-file#connection-string-examples
I share I did write up an algorithm for it at some point I think it is lost in a git comment someplace. I’ll put together a pseudo/go code this week.
Super simple:
Making a reply:
- If yarn has one use that. (Maybe do collision check?)
- Make hash of twt raw no truncation.
- Check local cache for shortest without collision
- in SQL:
select len(subject) where head_full_hash like subject || '%'
- in SQL:
Threading:
- Get full hash of head twt
- Search for twts
- in SQL:
head_full_hash like subject || '%' and created_on > head_timestamp
- in SQL:
The assumption being replies will be for the most recent head. If replying to an older one it will use a longer hash.
💻 Issue 400 - ScalaSql: a New SQL Database Query Library for the com-lihaoyi Scala Ecosystem ⌘ Read more
The CIA invests in these Tech companies
Video games. Search engines. Social Media. Open Source. Even SQL databases. Seriously. ⌘ Read more
it uses the queries you define for add/del/set/keys. which corrispond to something like INSERT INTO <table> (key, value) VALUES ($key, $value), DELETE ..., or UPDATE ...
the commands are issued by using the maddycli but not the running maddy daemon.
see https://maddy.email/reference/table/sql_query/
the best way to locate in source is anything that implements the MutableTable interface… https://github.com/foxcpp/maddy/blob/master/framework/module/table.go#L38
Thinking beyond SQL injection: OWASP tips for secure database access
When it comes to secure database access, there’s more to consider than SQL injections. OWASP Top 10 Proactive Control C3 offers guidance. ⌘ Read more
SQL(ite) and zettelkastens as a medium for non-linear story telling. #halfbaked
user-defined order in SQL [[https://begriffs.com/posts/2018-03-20-user-defined-order.html]] #sql #links maybe something that can be adapted to !sqlite?
Testing @!(ref “weewiki_sql” “page markers” “iterate_over_values”)!@.
Fun with data! The complete roster twtxt database can be downloaded at https://roster.twtxt.org/twtxt_20160405.sql.gz