Appgini

Love this prototyping software …brilliant!


How to Hack Databases: Hacking MySQL Online Databases with Sqlmap

This guide is for Backtrack…no longer available…use KALI LINUX…works the same. Generally, MySQL is teamed up with PHP and an Apache web server (often referred to as LAMPP or XAMPP) to build dynamic, database-driven web sites. Such development packages as Drupal, Joomla, WordPress, Ruby on Rails and others all use MySQL as their default database. Millions of websites have MySQL backends and very often they are “homegrown” websites, without much attention to security. In this tutorial, we will be looking to extract information about an online MySQL database before we actually extract information from the database. Once again, I’ll repeat, the …


holding image data on mysql

Two things are needful for holding image data on MySQL: 1/. A BLOB field so that the data is held truly 8-bit clean. 2/. A way to inject it without trying to use tools designed for text. I’ve used two methods. Both work. (a) Use the ‘load file’ command to transfer an image on disk to MySQL. It does however need special MySQL privileges that are not always available or safe. (b) From the PHP environment, I turn the image data into an enormous hexadecimal number. MySQL seems able to understand that as binary data OK. i.e. in PHP …


Generate data

Ever needed custom formatted sample / test data, like, bad? Well, that’s the idea of this script. It’s a free, open source tool written in JavaScript, PHP and MySQL that lets you quickly generate large volumes of custom data in a variety of formats for use in testing software, populating databases, and… so on and so forth. https://www.generatedata.com/#t2  


Display mysql table data in a wp page

My aim was to display data from a MySQL table on a WordPress page. I could do it using the wpdb class as mentioned in the Codex. But I didn’t know the file where I should write this PHP code that contains wpdb class functions to retrieve data from the MySQL table. Hence I installed the Exec-PHP plugin. (The Exec-PHP plugin executes PHP code in posts, pages and text widgets.) Now you are free to write your PHP code in the page editor and get the retrieved data on your page. Steps to retrieve data and display it on a WordPress page: Create a table …


Interact with database in WordPress

Just a collection of useful links, at least to me: WordPress database basics and schema (WordPress Codex); Documentation on $wpdb (WordPress Codex); “Data validation” (WordPress Codex); “SQL Injection” (Wikipedia); “SQL Injection Attacks by Example” (Steve Friedl); ezSQL class documentation (Justin Vincent).


Automation Tools for SQL Injection

These tools include:

Havij Advanced SQL Injection – https://www.itsecteam.com/products/havij-v116-advanced-sql-injection/index.html#tabset-tab-2

SQLDict – https://ntsecurity.nu/toolbox/sqldict/

SQLSmack – https://www.securiteam.com/tools/5GP081P75C.html

SQLPing 2 – https://www.sqlsecurity.com/downloads/sqlping2.zip?attredirects=0&d=1

SQLMap – https://sqlmap.org/


Mysql: How to disable single database without dropping or renaming it

A colleague of mine working on a MySQL database asked me how it is possible to disable a MySQL database. He is in a situation where the client has 2 databases and an application and is not sure which of the two databases the application uses. Therefore the…
