Spy0x7 / Posts

Temporary dump of posts I eventually plan to publish on a proper site

What

This is a temporary dump of posts I eventually plan to publish on a proper site.

Why

  1. Their content could accidentally turn out to be useful to someone
  2. Archiving/documenting purposes
  3. To have material to go through in nostalgic mode should I ever get old

Disclaimer

Some content may be relatively outdated, as it could date as far back as the pre-2010 era.

Contents

01. Turning a Blind SQLi into Union-based with a 2-in-1 Payload

How not being lucid made me want to turn and exploit an SQL Injection from Boolean-Blind to Union-based by crafting a 2-in-1 Payload.

The exploit was accomplished by leveraging a first SQL Injection to alter the output of the first vulnerable query and weaponize it into a carrier for a 2nd SQL Injection on a 2nd query, all through a single injection point (parameter), hence the 2-in-1 Payload.

Next in line: Chaining multiple vulnerabilities to get RCE on a Commercial Software via Black-Box Testing

License:MIT License