Category: Web

PortSwigger: SQL injection attack, listing the database contents on Oracle

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 8. This lab requires you to query the information schema to get the table name, column names and then perform a UNION injection to get the administration username and password. It’s the same as the last lab except for this time we need to alter our syntax as we’re doing it against an Oracle database. …


PortSwigger: SQL injection attack, listing the database contents on non-Oracle databases

Hello World, and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 7. This lab requires you to query the information schema to get the table name, and column names and then perform a UNION injection to get the administration username and password….


Hack This Site: Extended Basic – Mission 5

Dear Friend, welcome to HaXeZ where today we will be looking at the Hack This Site Extended Basic mission 5. This mission is another programming mission that requires you to review the contents of a PHP file and then subsequently a shell script that is used to edit the PHP file. There is an error in the shell script that prevents it from doing what it’s supposed to do. We need…


Hack This Site: Extended Basic – Mission 4

Dear Friend, welcome to HaXeZ where today we will be looking at the Hack This Site Extended Basic mission 4. This mission is another programming mission that requires you to examine the source code of an application to determine its output. Again, please be advised that I’m terrible at programming so my explanation might be terrible….


Hack This Site: Extended Basic – Mission 3

Hello world and welcome back to HaXeZ, thank you for surfing by. This post is a walkthrough of the Hack This Site Extended Basic Mission 3. The purpose of this challenge is to deduce the function of a bespoke programming language’s application. A basic understanding of programming and assigning variables is required for this challenge. However, I’m terrible at programming and was still able to solve the challenge….


PortSwigger: SQL injection attack, querying the database type and version on MySQL and Microsoft

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 6. This lab requires you to return the database type on MySQL with Microsoft. I’m not sure if that means a MySQL database on Microsoft Windows or whether…


PortSwigger Web Security Academy: SQL injection attack, querying the database type and version on Oracle

HaXeZ is looking at the 5th SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to perform a UNION-based SQL injection to retrieve the database version string. We can use the same techniques that we have developed so far….


PortSwigger Web Security Academy: SQL injection 4

Hello friends and today HaXeZ is looking at the 4th SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the third lab. However, this time there is only one column that supports text. We will need to concatenate the results in order to complete the lab….


PortSwigger Web Security Academy: SQL injection 3

Hello friends and today HaXeZ is looking at the 3rd SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the second lab, and extend it. This time we’re going to retrieve the contents of the username and password columns from…


PortSwigger Web Security Academy: SQL injection 2

Hello friends and today HaXeZ is looking at the 2nd SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the first lab, and extend it. Instead of just identifying the number of columns, we’re going to test which columns can hold text. In order to do this, we will use the same methodology for the first one but then replace one of the NULL values with a string. …