Profile picture
, 6 tweets, 2 min read
My Authors
Read all threads
SQL injection mitigations: Method #1
"Prepared Statements" is including place holders instead of variables in SQL queries that later on would be replaced by the user's input.
The SQL statement will run first with the place holder and then the actual data will be sent to the database and replace the placeholder inside SQL statements
Ex of a prepared statement

String email = "user@email.com";

String sql = "SELECT * FROM users WHERE email = ?";
Don't construct the query with string concatenation. That would cause a Sql vulnerability like in the below example:

String email = "user@email.com";

String sql = "SELECT * FROM users WHERE email = '" + email + "'";
Sources:
+ hacksplaining.com
+ @cybraryIT
@threadreaderapp unroll
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Nairuz Abulhul

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @NairuzAbulhul see all

Profile picture
Nairuz Abulhul
@NairuzAbulhul
#Windows Tip:
Change file permissions on Windows using cacls.

Cacls files /e /p {USERNAME}:{PERMISSION}
#HTB #infosec
/p : Set new permission
/e : Edit permission

{USERNAME} : Name of user
{PERMISSION} : Permission can be:
R – Read
W – Write
C – Change (write)
F – Full control

Source: @nixcraft
@threadreaderapp unroll
Read 3 tweets
Profile picture
Nairuz Abulhul
@NairuzAbulhul
In a second order SQL injection, an application takes a user input from an HTTP request and stores it for future retrieval. It is two parts injection
#HTB #infosec #websecurity
An example of this would be a vulnerable application that has "sign up" page and "login page". The sign up page would be used to send POST requests to store data in the db in a form of SQL query and the login page would be used to send different POST requests to retrieve thedata
@LissanonCedric actually, no both requests are POST requests. That was a typo, I fix it . Thanks for bring it up 👍
Read 4 tweets
Profile picture
Nairuz Abulhul
@NairuzAbulhul
Same Origin Policy is a web security concept that allows browsers to prevent loading scripts from different sources or reading cookies and session data remotely. It helps to prevent basic XSS and CSRF attacks #websecurity #infosec
An origin consists of a URI scheme://+host name + port number
Ex: example.com:8080
*If no port is given, it will be given the default port of the scheme. HTTP is 80 and HTTPS is 443
This policy allows browsers to load and read data from the scope of the same origin only
Ex: company.com as an origin can load scripts and read data only from pages that have the same origin as http:// company.com or company.com/dir/
Read 5 tweets

Related threads

Profile picture
𝚣𝚘𝚎.
@myouinatozakim
Tagalog SAIDA AU
Kung saan may gusto si Sana kay Dahyun at dahil sobrang lakas ng trip ng mga kaibigan ni Sana, chinat nila si Dahyun gamit account ni Sana

o

sa madaling salita, isang tagalog saida crack au.
• ang magreply magtatae buong magdamag ((bukod sakin kasi nag diatabs ako eh))
• 𝘴𝘰𝘮𝘦 parts are based on real life events ((malandi kase friends ko))
• some convos 𝘮𝘪𝘨𝘩𝘵 be from my messenger ((pero mostly sa friends ko)) 👀
• hulaan niyo ano galing sa convos ko 🤣
Sana - may gusto kay Dahyun pero walang ginagawa kasi wala raw siya pag-asa??? ((pano mo malalaman kung wala eh wala ka naman ginagawa sis))

Dahyun - may gusto DATI kay Sana pero ngayon iba na ang gusto 👀
Read 158 tweets
Profile picture
BaekTheWay
@LoeyBaekery
| ChanBaek Au |

Do arrange marriages still work in this age? Especially when the people involved are complete tangents?

Baekhyun is a laid back easy-going person living his life 1 day at a time, where as Chanyeol has every day until the next year already planned.

Catastrophe?
~ The first meeting ~
12:13 Pm.

The guy was 13 minutes late was all that Chanyeol could think of when he continued wiping the already clean screen of his wrist watch.

He had only placed aside an hour for this meeting and 13mins were already wasted this meant that he'd have to push back a few things.
Read 810 tweets
Profile picture
Sally Hayden
@sallyhayd
It seems an independent auditor came to Abu Salim today looking into UN activities. The guards told detainees in advance not to mention that they haven't been fed for months (some of their families are sending them money to buy food with instead, which guards take a cut from).
Messages today from Qasr bin Ghashir dc, southern Tripoli, today, where they’re asking for evacuation & any organisation that can help them.
Sorry for my confusion, the teenager above was being held in Qasr bin Ghashir, but has now been moved to the UNHCR facility in Tripoli for evacuation. He's asking for help for those he left behind.
Read 386 tweets
Profile picture
Jaysen Adam
@PatriotBulldog2
[From drop 1928] Q uses movies to explain. Movie 1 was everything from the beginning. It explained the plot, backstories, and details necessary to understand. All of the subplots were started and the characters established. Foreshadowing of what was to come was eluded to.
Movie 2, where we are now. The sequel where major plot lines are beginning to reach their apex, the hero is met with their most challenging tests. At moments, it feels like the good guys are losing and have no hope of finding justice.
The sequel usually leaves the hero bruised and broken. The loser of the major battle, his allies scattered, sent licking their wounds. The audience is left conflicted, speculating on the hero's next more. They are blown away by how the villain was able to overcome and win.
Read 8 tweets
Profile picture
Ryan Doherty
@RyanDoherty47
I’m attempting to compose a thread for anyone interested in my thoughts on $TSLA. Which is none of you. Basically, I’m trying to put my thoughts down to help me see if I understand my position clearly or if my perspective has a blind spot in it. Read only if you’re bored.
A lot of you $TSLAQ guys have been sharing theories about margins and accounting and whatnot while we wait for the 10-Q. An important aspect of this investment for me is learning what I can do and what I can’t. And right now, what I can’t do can fill a warehouse.
I can’t break down info as well as @TeslaCharts
I can’t analyze financial statements like @ElonBachman or @JoeyExperience
I can’t model or predict like @Valuetrap13 or @Smack_Check (yep, even though he’s a bull, his modeling is great. It’s just his assumptions that suck)
Read 24 tweets
Profile picture
Foreign Ministry 🇸🇦
@KSAmofaEN
#Statement | The negative and surprising attitude of #Canada is an entirely false claim and utterly incorrect.
#Statement | We have been briefed by what the #Canadian foreign minister and the Canadian embassy to the #Kingdom released on what they named "civil society rights activists", and we affirm that this negative and surprising attitude is an incorrect claim.
#Statement | The Canadian position is an overt and blatant interference in the internal affairs of the Kingdom of #SaudiArabia and is in contravention of the most basic international norms and all the charters governing relations between States.
Read 10 tweets

Trending hashtags

#India #1MDB #GulamRasoodDar #WorldRefugeeDay #Lashkar #Mujahideens #Balakot #blockchain #Syria #Kunar #Taxila #FBI #Mob #Geelani #Hafiz #AJk #Rawalpindi #OperationSophia #MajeedDar #ElHiblu1 #Flip #Mansehra #Shia #Afghanistan #HizbulMujahideen
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!