Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
SQL injection is about being able to directly modify the SQL query being made. By altering the logic of the query, data can be stolen or altered in the database.
Because NO data is returned to the user, this was a blind SQLi. So, to exfiltrate data, a timing-based method was used.
Timing-based SQLi is not something new. Personally, I found it very interesting that the SQLi existed in the Referer header! Why here?
The request headers are data that is processed too! Trying a small set of test cases, even on very common headers, can bear some fruit :)
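To show why a header is as dangerous as a form field once it reaches a query, here is an added example (not taken from the linked write-up) of a request logger that stores the Referer header, written once with string concatenation and once with bound parameters. The `visits` table, the function names, the sample header values and the use of SQLite as the database are all assumptions made for illustration.

```python
import sqlite3

# Constructed sample Referer values (not from any real request).
APOSTROPHE = "https://example.test/o'reilly"           # harmless, but contains a quote
FORGED = "https://example.test/'), ('/forged', 'row"   # closes the literal, adds a row


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE visits (path TEXT, referer TEXT)")
    return db


def log_visit_vulnerable(db, path, referer):
    # The header is pasted into the SQL text: a quote inside it ends the
    # string literal and whatever follows is parsed as part of the query.
    db.execute(
        f"INSERT INTO visits (path, referer) VALUES ('{path}', '{referer}')"
    )


def log_visit_safe(db, path, referer):
    # Bound parameters: the header is always data, never query text.
    db.execute("INSERT INTO visits (path, referer) VALUES (?, ?)", (path, referer))


def rows_after(log_fn, referer):
    """Log one visit with the given Referer and return the table contents."""
    db = make_db()
    try:
        log_fn(db, "/home", referer)
    except sqlite3.Error as exc:
        # A SQL error caused by a quote in a header is a symptom worth alerting on.
        return f"error: {type(exc).__name__}"
    return db.execute("SELECT path, referer FROM visits ORDER BY rowid").fetchall()


if __name__ == "__main__":
    for name, fn in (("vulnerable", log_visit_vulnerable), ("safe", log_visit_safe)):
        for referer in (APOSTROPHE, FORGED):
            print(name, repr(referer), "->", rows_after(fn, referer))
```

In the concatenated version one request writes two rows, and a harmless apostrophe produces a database error; in the parameterized version both headers are stored verbatim as a single row.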