Injecting into SOAP
The Simple Object Access Protocol (SOAP) is a message-based communications technology that uses the XML format to encapsulate data. It
Read moreWeb Hosting
File Inclusion Vulnerabilities
Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual
Read moreInjecting into Web Scripting Languages
The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition
Read moreBypassing Filters
In some situations, an application that is vulnerable to SQL injection may implement various input filters that prevent you from
Read moreExploiting ODBC Error Messages (MS-SQL Only)
If you are attacking an MS-SQL database, then there are alternative ways available of discovering the names of database tables
Read moreExtracting Useful Data
In order to extract useful data from the database, you normally need to know the names of the tables and
Read moreFingerprinting the Database
Most of the techniques described so far are effective against all of the common database platforms, and any divergences have
Read moreThe UNION Operator
The UNION operator is used in SQL to combine the results of two or more SELECT statements into a single
Read moreFinding SQL Injection Bugs
In the most obvious cases, a SQL injection flaw may be discovered and conclusively verified by supplying a single item
Read moreInjecting into SQL
Almost every web application employs a database to store the various kinds of information that it needs in order to
Read more