Web Security Learning
4.1. SQL Injection
Content Index:
4.1.1. Injection Classification
4.1.1.1. Introduction
4.1.1.2. Classification by technique
4.1.1.3. Classification by way of acquiring data
4.1.2. Injection Detection
4.1.2.1. Common injection points
4.1.2.2. Fuzz injection point
4.1.2.3. Test constants
4.1.2.4. Number of test columns
4.1.2.5. Error injection
4.1.2.6. Stacked Injection
4.1.2.7. Comments
4.1.2.8. Judging filter rules
4.1.2.9. Obtaining information
4.1.2.10. Test permissions
4.1.3. Privilege Escalation
4.1.3.1. UDF Privilege Escalation
4.1.4. Database Detection
4.1.4.1. MySQL
4.1.4.2. Oracle
4.1.4.3. SQLServer
4.1.4.4. PostgreSQL
4.1.5. Bypass Techniques
4.1.6. SQL Injection Tips
4.1.6.1. Wide Byte Injection
4.1.7. CheatSheet
4.1.7.1. SQL Server Payload
4.1.7.2. MySQL Payload
4.1.7.3. PostgreSQL Payload
4.1.7.4. Oracle Payload
4.1.7.5. SQLite3 Payload
4.1.7.6. NoSQL Payload
4.1.8. Precompile
4.1.8.1. Introduction
4.1.8.2. Simulate precompilation
4.1.8.3. Bypass
4.1.9. Reference articles
4.1.9.1. Tricks
4.1.9.2. Bypass
4.1.9.3. NoSQL