Tagged articles
121 articles
Page 2 of 2
ITPUB
Sep 4, 2017 · Information Security

How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript

During an external penetration test I discovered an Oracle Advanced Support service, reverse‑engineered its JavaScript endpoints, crafted GET and POST requests to create and execute named SQL statements, and ultimately extracted database version, user information, and password hashes, highlighting a critical web‑application flaw.

API abuse, JavaScript analysis, Oracle
0 likes · 14 min read
Architecture Digest
Aug 11, 2017 · Information Security

Common Web Attacks and Their Mitigation Techniques

The article introduces major web security threats such as XSS, injection, CSRF, explains their mechanisms with examples, and presents defensive measures including input sanitization, HttpOnly cookies, web application firewalls, and encryption methods like hashing, symmetric and asymmetric cryptography.

CSRF, SQL injection, WAF
0 likes · 10 min read
WeChat Client Technology Team
Jun 15, 2017 · Databases

How WCDB’s WINQ Eliminates SQL String Concatenation and Injection Risks

This article examines WCDB’s design principles for efficient, complete, and easy-to-use client-side databases, explains the pitfalls of SQL string concatenation such as code redundancy, debugging difficulty, and injection attacks, and describes how WCDB’s WINQ abstraction and ORM layer safely encapsulate SQLite syntax to enable concise, compile-time-checked queries.

C++, ORM, SQL injection
0 likes · 10 min read
dbaplus Community
Apr 4, 2017 · Information Security

Mastering Database Injection: Real‑World Attacks, Tools, and Defense Strategies

This comprehensive guide explains why database injection remains a critical security threat, illustrates real‑world attack techniques and toolchains, and provides layered defensive measures—from secure coding and DB‑proxy solutions to web‑server filtering, WAF deployment, and log‑analysis pipelines.

Database Security, Defense Strategies, SQL injection
0 likes · 24 min read
ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS Enumeration, SQL injection, Server Exploitation
0 likes · 17 min read
MaGe Linux Operations
Mar 17, 2017 · Information Security

How to Prevent SQL Injection in Python Web Applications

This article explains why SQL injection occurs in Python web development, demonstrates vulnerable code using string concatenation, shows the resulting errors, and provides two effective solutions—input escaping and MySQLdb's parameterized queries—to secure your applications.

Parameterized Queries, Python, SQL injection
0 likes · 5 min read
Efficient Ops
Mar 5, 2017 · Operations

Surviving Hundred‑Billion Transactions: Real Production Incident Stories

This article recounts a series of real‑world production incidents—including massive concurrency overloads, DDoS attacks, SQL injection breaches, and critical bugs—encountered by an internet finance platform, and shares the concrete technical fixes and lessons learned to improve system resilience.

DDoS, SQL injection, high concurrency
0 likes · 22 min read
ITPUB
Mar 3, 2017 · Information Security

How Attackers Exploit SQL Injection and XSS – Techniques and Defenses

This article explains the mechanics of SQL injection and XSS attacks, demonstrates common exploitation methods such as table‑name guessing, error‑based and union queries, shows a vulnerable authentication script, and provides practical defensive coding techniques to mitigate these threats.

Authentication Bypass, SQL injection, Web Security
0 likes · 10 min read
ITPUB
Feb 6, 2017 · Information Security

Mastering SQL Injection: Types, Techniques, and Real‑World Examples

This article provides a practical introduction to SQL injection, covering its fundamentals, common attack vectors such as Boolean‑based, error‑based, and UNION‑based injections, step‑by‑step exploitation examples with PHP code, and tips for constructing payloads and understanding their impact on vulnerable web applications.

Boolean-based, Database Exploitation, Error-based
0 likes · 13 min read
360 Quality & Efficiency
Nov 1, 2016 · Information Security

Understanding SQL Injection Attacks and Defensive Techniques

The article reviews the author’s experience with security testing, explains the severe risks of SQL injection, demonstrates vulnerable server‑side code, and provides practical remediation methods such as input sanitization, type casting, and using prepared statements with PDO.

Database Security, PDO, SQL injection
0 likes · 5 min read
ITPUB
Aug 22, 2016 · Information Security

How to Exploit and Patch Zabbix’s JSRPC ProfileIdx2 SQL Injection Vulnerability

This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.

Exploit, SQL injection, Vulnerability
0 likes · 4 min read
ITPUB
Jul 12, 2016 · Information Security

How to Prevent SQL Injection Attacks in PHP: Practical Tips and Code Examples

This article explains what SQL injection is, shows vulnerable PHP code examples, and provides concrete prevention techniques—including input validation, parameterized queries, limited database privileges, error handling, and proper escaping of special characters—to protect web applications from attacks.

PHP, Prepared Statements, SQL injection
0 likes · 5 min read
Art of Distributed System Architecture Design
May 23, 2016 · Information Security

Testing HTTP Header Parameters for SQL Injection: Coverage, Tools, and Best Practices

The article examines how HTTP header and cookie parameters can serve as SQL injection vectors, evaluates the coverage of commercial and open‑source web vulnerability scanners, demonstrates manual testing techniques, and recommends tools such as sqlmap for comprehensive security assessments.

SQL injection, SQLMap, Web Security
0 likes · 13 min read
ITPUB
May 5, 2016 · Information Security

Understanding SQL Injection Through a Simple Robot Analogy

The article uses a warehouse‑robot analogy to illustrate how mixing user‑supplied data with commands leads to SQL injection and explains that separating commands from data via parameterized queries prevents this security flaw.

Parameterized Query, SQL injection, Security
0 likes · 5 min read
Big Data and Microservices
Mar 28, 2016 · Information Security

Understanding Database SQL Injection: Types, Examples, and Defense Strategies

The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.

Code Injection, Database Security, Oracle
0 likes · 14 min read
ITPUB
Dec 28, 2015 · Information Security

How to Start Learning Hacking: Foundations, Mindset, and Essential Skills

This guide outlines the fundamental concepts, mindset, and step‑by‑step skills needed for beginners to start learning hacking and information security, covering everything from basic network knowledge to legal considerations.

SQL injection, hacking basics, information security
0 likes · 10 min read
High Availability Architecture
Jul 30, 2015 · Information Security

Web Application Security Threats and Mitigation Strategies

This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.

CSP, CSRF, HTTPS
0 likes · 26 min read
Art of Distributed System Architecture Design
Jul 16, 2015 · Information Security

Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection

This article examines how web vulnerability scanners handle non‑traditional input vectors such as HTTP headers and cookies, demonstrates manual exploitation techniques for header‑based SQL injection, compares scanner coverage and accuracy, and offers practical guidance for developers and penetration testers.

SQL injection, SQLMap, Web Security
0 likes · 14 min read