Today I'll be covering SQL injection and the advanced fuzzing and filter-bypassing techniques you need to know to be a successful pen-tester. You can't avoid it, because you'll see it regardless of what side you are on: blue team, if you are defending against it, or red team, if you are checking whether it's a weakness in the system. As always, personal disclaimer: any and all information here is strictly for educational purposes. I do not condone any form of illegal activity, nor am I responsible for anything you use this information for. DO NOT pen-test anyone's network unless it is your own or you have permission to do so. Now, let's begin!
I'll be discussing the following topics in order:
- What is SQL Injection?
- What is TCP/IP?
What exactly is SQL injection? SQL injection exploits untrusted user input that the application pastes straight into a SQL query string instead of passing it to the database as a bound parameter. Whenever the end user submits something to the server (a login form, a search box, a URL parameter) and that value is concatenated into the query text, the database can no longer tell the application's SQL from the user's data, so carefully chosen input changes the meaning of the query. This lets you retrieve data the query was never meant to return: extra rows and columns from the table you are querying, rows from other tables in the same database (typically via UNION), and, depending on the database engine and the privileges of the account the application connects with, built-in features of the database server such as file access or system-command execution, which let you pivot from SQL injection to OS command execution on the host. You can also change data rather than just read it: if the injected query can run UPDATE or INSERT statements, you can edit your own account record and promote yourself to admin. How far you get is limited by the database engine, the privileges of the database account the application uses, and the shape of the vulnerable query. If you are wondering what OS command injection is, it's where input is passed to a shell (bash, PowerShell) and you inject extra commands that run on the server directly; it is a separate bug from SQL injection, but SQL injection can sometimes lead to it. The overall premise of injection attacks is the same: untrusted input crosses into a context (SQL, a shell, etc.) where it is interpreted as code rather than data, and you exploit that to control the server side. This requires some recon on how the server builds its queries so you know what weak points to look for. We'll eventually cover how to test which injection types a system might be vulnerable to.
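As an added example (not code from the original post), here is the login-form case described above in Python with SQLite: a constructed in-memory database with a `users` table and a second `api_keys` table the form was never meant to expose, a vulnerable login that concatenates input into the query, the same login with bound parameters, and the two classic payloads (auth bypass and UNION extraction) run against both. All table names, columns, credentials and payload strings are made up for the demonstration.

```python
import sqlite3

# Constructed sample schema: the table the login form queries, plus a table
# the application never intends to expose through that form.
SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
INSERT INTO users (username, password, role) VALUES
    ('alice', 'Wonderland!', 'admin'),
    ('bob',   'hunter2',     'user');
CREATE TABLE api_keys (
    id INTEGER PRIMARY KEY, owner TEXT, api_key TEXT);
INSERT INTO api_keys (owner, api_key) VALUES ('billing', 'sk_live_ExAmPlE');
"""


def build_db():
    """Create the constructed database in memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def vulnerable_login_sql(username, password):
    """The bug: user input is glued into the SQL text, so it can become syntax."""
    return ("SELECT username, role FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    """Runs the concatenated query. Returns the rows the database hands back."""
    return conn.execute(vulnerable_login_sql(username, password)).fetchall()


def login_safe(conn, username, password):
    """The fix: bound parameters. Input is always data and never parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Payload 1: close the string, make the WHERE clause always true, and comment
# out the password check. The built query becomes
#   ... WHERE username = 'admin' OR '1'='1' --' AND password = 'anything'
BYPASS_USER = "admin' OR '1'='1' --"

# Payload 2: a UNION with the same column count pulls rows from another table.
#   ... WHERE username = 'x' UNION SELECT owner, api_key FROM api_keys --' ...
UNION_USER = "x' UNION SELECT owner, api_key FROM api_keys --"


def demo():
    """Run each input through both implementations and return the results."""
    conn = build_db()
    return {
        "normal_vulnerable": login_vulnerable(conn, "alice", "Wonderland!"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_USER, "anything"),
        "union_vulnerable":  login_vulnerable(conn, UNION_USER, "anything"),
        "normal_safe":       login_safe(conn, "alice", "Wonderland!"),
        "bypass_safe":       login_safe(conn, BYPASS_USER, "anything"),
        "union_safe":        login_safe(conn, UNION_USER, "anything"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:18s} -> {rows}")
```

Against the vulnerable function the bypass payload returns every user (so the application "logs you in" as the first one, here the admin) and the UNION payload returns the billing API key; the parameterized function returns no rows for either payload because the quotes and `--` are matched literally against the username column. One caveat on the UPDATE-based privilege escalation mentioned above: it usually needs stacked statements (`'; UPDATE users SET role='admin' ...`), and Python's `sqlite3.execute()` refuses more than one statement per call. That is a property of this particular driver, not something to rely on as a defense; other drivers and databases happily run them.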
But first, in order for you to fully understand how SQL injection works, we need to go over the TCP/IP 3-way handshake. This carries over on a fundamental level and gets you into the habit of understanding how network data communications function on a logical and "visual" level. SQL injection is often hard because many people can't "visualize" how the process works. Visualization is KEY in tech, especially cyber security.
When you visit a web application, your browser first completes the TCP 3-way handshake with the server, which occurs in 3 steps via flags set in the TCP segment headers: SYN, where the client initiates a connection to the server; SYN/ACK, where the server responds, acknowledging the requested session; followed by ACK, which the client sends to finalize the connection. Only after the handshake does your HTTP request, with the input you typed, travel over that connection. SQL queries follow a similar request/response order: you input data into a parameter of the web application, the application builds a structured query from it and sends it to the database on the back-end, and the database responds with its rows, which the server renders back to you.
A good place to get a visual demonstration of what I'm talking about in regards to SQL injection can be found here at this link.
- The Hacker Who Laughs