Category: Burp

PortSwigger: SQL injection attack, listing the database contents on Oracle

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 8. This lab requires you to query the information schema to get the table name, column names and then perform a UNION injection to get the administration username and password. It’s the same as the last lab except for this time we need to alter our syntax as we’re doing it against an Oracle database. …


PortSwigger: SQL injection attack, listing the database contents on non-Oracle databases

Hello World, and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 7. This lab requires you to query the information schema to get the table name, and column names and then perform a UNION injection to get the administration username and password….


PortSwigger: SQL injection attack, querying the database type and version on MySQL and Microsoft

Hello, world wide web and welcome to HaXeZ where today we’re looking at PortSwigger Web Security Academy: SQL injection 6. This lab requires you to return the database type on MySQL with Microsoft. I’m not sure if that means a MySQL database on Microsoft Windows or whether…


PortSwigger Web Security Academy: SQL injection attack, querying the database type and version on Oracle

HaXeZ is looking at the 5th SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to perform a UNION-based SQL injection to retrieve the database version string. We can use the same techniques that we have developed so far….


PortSwigger Web Security Academy: SQL injection 4

Hello friends and today HaXeZ is looking at the 4th SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the third lab. However, this time there is only one column that supports text. We will need to concatenate the results in order to complete the lab….


PortSwigger Web Security Academy: SQL injection 3

Hello friends and today HaXeZ is looking at the 3rd SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the second lab, and extend it. This time we’re going to retrieve the contents of the username and password columns from…


PortSwigger Web Security Academy: SQL injection 2

Hello friends and today HaXeZ is looking at the 2nd SQL Injection lab on PortSwigger Web Security Academy. This lab requires you to take the UNION-based injection performed in the first lab, and extend it. Instead of just identifying the number of columns, we’re going to test which columns can hold text. In order to do this, we will use the same methodology for the first one but then replace one of the NULL values with a string. …


PortSwigger Web Security Academy: SQL injection 1

Hello friends and thanks for coming to HaXeZ where today we’re looking at the first SQL injection lab on PortSwigger Web Security Academy. In order to keep things simple, I will be doing the labs in the order that they appear on the all-labs page. While this doesn’t make much sense from a difficulty perspective,…


Burp Suite Certified Practitioner – Getting Started

Hello and welcome to HaXeZ, today we’re going to be talking about the Burp Suite Certified Practitioner certification. For those new to Cybersecurity, you may not know that Burp Suite is probably the best web testing tool available. You may also not know that PortSwigger (the parent company) offers certification for Burp Suite. Furthermore, you may also not know that the exam to get the certificate is currently only $99! Additionally, if you pass it before December 10th, 2021, they will refund you!!!…