Sign in

Engineering | CyberSecurity | Alien | Geek | OldSchool | Respect

What is SQL injection ? SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database allows an attacker to view data that they are not normally able to retrieve.

before start basic knowledge about SQL Query recommended

check this repo for SQL basics …

Remember : the — (double-dash) comment style requires the second dash to be followed by at least one white space or control character (such as a space, tab, newline, and so on) …

Many URL decoders treat + as a space.

SQL Injection…


There are three main types of XSS attacks. These are:

  • Reflected XSS where the malicious script comes from the current HTTP request.
  • Stored XSS where the malicious script comes from the website’s database.
  • DOM-based XSS where the vulnerability exists in client-side code rather than server-side code.

When testing for reflected and stored XSS, a key task is to identify the XSS context:

  • The location within the response where attacker-controllable data appears.
  • Any input validation or other processing that is being performed on that data by the application.

comprehensive XSS cheat sheet from portSwigger

Scenarios …

XSS between HTML tags When the XSS…

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store