Sanduni Fernando

62 Followers

Sep 12, 2022

HackTheBox — Sense writeup

This is the 3rd blog out of a series of blogs I will be publishing on retired HTB machines. Let’s get started! Enumeration As the first step, let’s run an initial nmap scan on the server to find which ports are open and what services are running on the open ports. …

Hackthebox Walkthrough

4 min read


Sep 1, 2022

HackTheBox — Nibbles writeup

This is the 2nd blog out of a series of blogs I will be publishing on retired HTB machines. Let’s get started! Enumeration As the first step, let’s run an initial nmap scan to find which ports are open and which services are running on the open ports. nmap -sC -sV…

Hackthebox Walkthrough

6 min read


Aug 31, 2022

HackTheBox -Bashed writeup

This is the first blog of the series of blogs I will be publishing on retired HTB machines. Let’s get started! Enumeration As the first step, run an nmap scan to find which ports are open and which services are running on those ports. nmap -sC -sV 10.10.10.68 We get the…

Hackthebox Walkthrough

7 min read


Aug 17, 2022

Blind SQL injection with conditional errors

As we discussed in the preceding lab exercise, blind SQL injection is a type of SQL injection attack that asks the database true or false questions and determines the answer based on the application’s behavior. In some cases, you may be injecting a subquery or a batched query whose results are not…

Sql Injection

9 min read


May 12, 2022

Blind SQL injection with conditional responses

In many cases of SQL injection, the application does not return the results of the injected query to the user’s browser, nor does it return any error messages generated by the database. In such a situation you can use many techniques to retrieve arbitrary data from the database. …

Sql Injection

6 min read


Apr 13, 2022

Examining the database in SQL injection attacks.

Your ultimate goal in attacking a web application is to extract interesting data from the database. To do that, you must gather some information about the database, such as the database type and version, and the names of the tables and columns that contain the data you want to access. Different databases have…

Sql Injection

7 min read


Mar 29, 2022

SQL injection UNION attack to retrieve multiple values within a single column

Consider a situation where the original query returns multiple columns from the target table. Instead of checking each column to determine which column contains the data type string, you can easily retrieve multiple values within a single column by concatenating the values together. …

Sql Injection

3 min read


Mar 22, 2022

SQL injection UNION attack to retrieve interesting data

Once you have identified the number of columns required in your injected query, and have found which column can hold string data, you are in a position to extract interesting data. However, you need to know the column names and table name containing the data that you are targeting to…

Sql Injection

3 min read


Nov 20, 2021

SQL injection UNION attack, finding a column containing text

Having identified the required number of columns in the previous blog, your next task is to discover a column that has a string data type so that you can use this to extract arbitrary data from the database. You can do this by injecting a query containing NULLs, as you…

Portswigger

3 min read


Nov 14, 2021

SQL injection UNION attack, determining the number of columns returned by the query

UNION Operator: The UNION operator is used in SQL to combine the results of two or more SELECT statements into a single result set. When an application contains a SQL injection vulnerability that occurs in a SELECT statement and the results of the query are returned within the application’s response, you can use the…

Sql Injection

6 min read


Security Researcher