INTIGRITI
Jan 9 • 12 tweets • 6 min read
If you want to master SQL injections, open this thread!

SQL injection vulnerabilities can allow attackers to access ANY data in a victim's database! 🤯

A Thread 🧵👇
[1️⃣] SQL injection by @PortSwigger

When talking about web vulnerabilities, PortSwigger Academy is the place to go! Their labs offer a great way to practice your skills as well!

👇 portswigger.net/web-security/s…
[2️⃣] Cheatsheet by @pentest_swissky

With so many different kinds of databases out there, you're definitely going to want a good cheatsheet to quickly look up what you need. PayloadsAllTheThings is perfect for that!

👇 github.com/swisskyrepo/Pa…
[3️⃣] Hacking with SQLi by @secaura_

This is one of the BEST videos out there on SQL injections. I've never had so much fun whilst learning!

👇
[4️⃣] Sqlmap by @bdamele and @stamparm

sqlmap is THE tool when it comes to finding and exploiting SQL injections. Nothing else comes even close to what sqlmap can do!

👇 sqlmap.org
[5️⃣] Sqlmap in Burp by @codewatchorg

This Burp Suite extension allows you to launch sqlmap scans from within Burp, and it's amazing!

👇 portswigger.net/bappstore/f154…
[6️⃣] Hackademy by @intigriti and @PascalSec

Intigriti has their own Hackademy explaining vulnerabilities, such as this article on SQL injections. It even comes with a bunch of great videos!

👇 blog.intigriti.com/hackademy/sql-…
[7️⃣] SQLi Prevention by @owasp

Knowing how to prevent vulnerabilities is a great asset for any bug bounty hunter. Recognising secure patterns, and the places where they are missing, helps you hunt more efficiently!

👇 cheatsheetseries.owasp.org/cheatsheets/SQ…
[8️⃣] Writeup by @OmarHashem666

One of the best ways to get better at something is to learn from the experts, from the people who have done it. This writeup is a great way to learn!

👇 infosecwriteups.com/how-i-found-mu…
[9️⃣] Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql by @flatt_security

This blog post blew our minds! Flatt Security bypassed the escape functions of one of the most used Node.js SQL libraries!

👇 flattsecurity.medium.com/finding-an-uns…
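
A worked example tying the prevention advice in [7️⃣] to the mysqljs escape bypass in [9️⃣]. This is added code, not from the thread, from OWASP or from Flatt Security's post: it is a small dependency-free Node.js model of the documented mysqljs/mysql escaping rule that expands a plain object into `key` = value pairs when it is used for a `?` placeholder. The login handler is hypothetical, and the request inputs are constructed here (the object-shaped password stands in for what an Express/qs-style query-string parser produces for `password[password]=1`; no parser is run).

```javascript
// Added example (not code from Intigriti, OWASP, mysqljs or Flatt Security).
// A stand-alone model of how a mysqljs/mysql-style "?" placeholder is filled in,
// why that normally stops injection, and why it is not enough on its own when
// user input can arrive as an object. Escaping follows the driver's documented
// rules: strings are quoted and backslash-escaped, numbers are inlined, and a
// plain object becomes `key` = value pairs. Handler and inputs are constructed.

function escapeId(id) {
  return '`' + String(id).replace(/`/g, '``') + '`';
}

const ESCAPES = {
  '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
  '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\',
};

function escapeString(s) {
  return "'" + s.replace(/[\0\b\t\n\r\x1a"'\\]/g, (c) => ESCAPES[c]) + "'";
}

// stringifyObjects mirrors the driver's flag: inside an object expansion a
// nested object is stringified; at top level an object is expanded into pairs.
function escape(val, stringifyObjects = false) {
  if (val === undefined || val === null) return 'NULL';
  if (typeof val === 'number') return String(val);
  if (typeof val === 'boolean') return val ? 'true' : 'false';
  if (Array.isArray(val)) return val.map((v) => escape(v, true)).join(', ');
  if (typeof val === 'object') {
    if (stringifyObjects) return escapeString(String(val));
    return Object.keys(val)
      .map((k) => escapeId(k) + ' = ' + escape(val[k], true))
      .join(', ');
  }
  return escapeString(String(val));
}

// Replace each "?" with the escaped form of the next value.
function format(sql, values) {
  let i = 0;
  return sql.replace(/\?/g, () => (i < values.length ? escape(values[i++]) : '?'));
}

// Hypothetical login handler. The query uses placeholders, so a classic
// quote-based payload is neutralised, but nothing checks the TYPE of the input.
function buildLoginQuery(query) {
  return format(
    'SELECT * FROM users WHERE username = ? AND password = ?',
    [query.username, query.password],
  );
}

// Hardened version: refuse anything that is not a plain string before it
// reaches the driver, so an object can never be expanded into SQL.
function buildLoginQuerySafe(query) {
  for (const v of [query.username, query.password]) {
    if (typeof v !== 'string') {
      throw new TypeError('username and password must be strings');
    }
  }
  return buildLoginQuery(query);
}

// Constructed inputs. The second is the shape an Express/qs-style parser gives
// ?username=admin&password[password]=1 (assumed here, not actually parsed).
const classicPayload = { username: 'alice', password: "s3cret' OR 1=1 -- " };
const objectPayload = { username: 'admin', password: { password: 1 } };

console.log(buildLoginQuery(classicPayload));
// ... AND password = 's3cret\' OR 1=1 -- '   (quote escaped, injection fails)
console.log(buildLoginQuery(objectPayload));
// ... AND password = `password` = 1
// MySQL evaluates that as (password = password) = 1, true for every row.
try {
  buildLoginQuerySafe(objectPayload);
} catch (e) {
  console.log('hardened handler rejected it:', e.message);
}
```

The point for both hunting and fixing: a `?` placeholder in the mysql driver is client-side escaping, not a server-side prepared statement, and its documented object expansion means "uses placeholders" does not by itself mean "not injectable". Validate input types before they reach the driver, as the hardened handler does, or use an API that sends parameters out of band (for example mysql2's `execute()`, which uses server-side prepared statements).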
[πŸ”Ÿ] SQLi Lab on @RealTryHackMe

TryHackMe is a great platform to practice your skills, definitely check out this great room on SQL injections!

👇 tryhackme.com/room/sqlilab
That's all for this thread! 🧵

You've learned enough to go out there and find some SQL injections! 👩‍💻

Do you know any more resources? Be sure to share them in the comments! 🔥

And if you want more of these threads, be sure to leave a like 💜
