Login

Recent searches

No recent searches

Search options

Not available on mastodon.xyz.
mastodon.xyz is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance, open to everyone, but mainly English and French speaking.

Administered by:

Server stats:

743
active users

mastodon.xyz: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#sqlinjection

0 posts0 participants0 posts today
Replied in thread
Public
Wulfy

@dangoodin

Weird thing I observed in #infosec
There is an incredible amount of disinterest/contempt for #AI amongst many practitioners.

This contempt extends to willful ignorance about the subject.
q.v. "stochastic parrots/bullshit machines" etc.

Which, in a field with hundreds of millions of users, strikes me as highly unprofessional. Just the other day I read a blog post by a renown hacker (and likely earned a mute/block) "Why I don't use AI and you should not too".

Connor Leahy, CEO of #conjecture is one of the few credible folks in the field.

But to the question at hand.
The prompts are superbly sanitised.
In part by design, in part due to the fact that you are not connecting to a database but to a multidimensional vector data structure.

The #prompt is how you get in through the backdoor. Though I haven't looked into fuzzing, but I suspect because of the tech, the old #sqlinjection tek and similar will not work.

Long story short; It is literally impossible to build a secure #AI. By the virtue of the tech.
#promptengineering is the key to open the back door to the knowledge tree.

Then of course there are local models you can train on your own datasets. Including a stack of your old #2600magazine

#hack#hacking#aisecurity
Public
Anonymous 🐈🐾☕🍵🏴🇵🇸 :af:

A SQL injection in a cookie consent parameter at a major automotive company led to full PII leaks and potential RCE. Highlights the need for strict input validation and secure coding practices. #SQLInjection #DataLeak #Japan #CyberAttacks hendryadrian.com/from-cookie-c

from cookie consent to command execution a realworld sqli full pii le
Cybersecurity News Everyday · From Cookie Consent to Command Execution A Real-World SQLi + Full PII Leak to RCE on a Careers,…This article details how a SQL injection vulnerability was discovered in a cookie consent parameter on a major automobile company's career portal, leading to severe security breaches. It highlights the importance of validating frontend parameters and implementing secure coding practices to prevent such critical exploits. #SQLInjection #BugBounty
Public
Richi Jennings

Content warning: Domestic abuse, stalking, controlling behavior, Schadenfreude, irony.

A new data leak shows the dangers of secret, silent #stalkerware. An app known as #Catwatchful appears to be just as insecure as all the others.

The Catwatchful app’s user login database was vulnerable to a simple #SQLinjection attack. In #SBBlogwatch, we call for Little Bobby Tables.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: securityboulevard.com/2025/07/

(Also known as #spouseware and #creepware, this vile trade enables all manner of frightening and dangerous abuse, from stalking to serious sexual assault. It’s no laughing matter.)

Public
maschmi

Today I learned one can create an alias which executes a custom #java function via #sql in a #H2 database. Combine this with a #springboot or other application allowing #sqlinjection and "oops, compromised". Lucky for me it was only an exercise and not in a real application.

Someone else wrote about it: medium.com/r3d-buck3t/chaining

And here are the official docs: h2database.com/html/commands.h

I truly miss the days I did not know of such things...

R3d Buck3T · Chaining Vulnerabilities in H2 Database for RCE - R3d Buck3T - MediumBy Nairuz Abulhul
Public
Rad Web Hosting

10 Steps to Protect Your #VPS Against SQL Injection
This article provides a guide discussing how to protect your VPS against SQL injection.
What is SQL Injection?
SQL Injection is a type of cyber attack where an attacker inserts or “injects” malicious SQL code into a query through input fields, URLs, or other data entry points. If the application doesn't properly validate or sanitize the input, the ...
Continued 👉 blog.radwebhosting.com/how-to- #mariadb #vpsguide #sqlinjection #postgresql

RadWeb, LLC · 10 Steps To Protect Your VPS Against SQL Injection - VPS Hosting Blog | Dedicated Servers | Reseller HostingHere’s a detailed guide on how to protect your VPS against SQL Injection attacks.
Public
Cyberkid

SQL Injection (SQLi) 💉 – Everything You Need to Know

What is SQL Injection?
SQL Injection is a code injection technique that allows attackers to interfere with the queries an application makes to its database.

Types of SQLi:

1. In-band SQLi – Most common and easy to exploit.

2. Blind SQLi – Data isn’t visibly returned but can still be extracted through inference.

3. Out-of-band SQLi – Uses external servers to get results (less common but powerful).

4. Time-Based Blind SQLi – Server delay used to infer info from the database.

Attack Scenarios:
▫️Bypassing logins
▫️Dumping database contents
▫️Modifying or deleting data
▫️Escalating privileges
▫️Accessing admin panels

Common SQLi Targets:
🔹Login forms
🔹Search boxes
🔹URL parameters
🔹Cookies
🔹Contact or feedback forms

How to Prevent SQLi:
▪️Use parameterized queries
▪️Employ ORM frameworks
▪️Sanitize all user inputs
▪️Set least privilege for DB users
▪️Use Web Application Firewalls (WAF)

♦️Red Team Tip
Test all user input points, especially where data touches the database. Think beyond login forms—SQLi hides in unexpected places.

🔖Hashtags:
#SQLInjection #CyberSecurity #EthicalHacking #InfoSec #WebSecurity #RedTeam #BugBounty #Pentesting

⚠️Disclaimer:
This content is for educational purposes only. Always perform security testing with explicit permission. Unauthorized testing is illegal and unethical.

Public
Cyberkid

Everything About SQL Injection 💉

What is SQL Injection?
SQL Injection is a web vulnerability that lets attackers manipulate database queries. This can lead to unauthorized access, data leaks, or even full control of the system.

🔬Types of SQL Injection

1️⃣ Classic SQLi – Injecting raw SQL commands.
2️⃣ Blind SQLi – No errors, but the response changes.
3️⃣ Time-Based SQLi – Uses response delays to extract data.
4️⃣ Union-Based SQLi – Merges malicious queries with valid ones.
5️⃣ Out-of-Band SQLi – Exfiltrates data through DNS, HTTP, etc.

♦️Potential Impact
▫️Access & dump sensitive data
▫️Bypass login systems
▫️Alter or delete database entries
▫️Full system compromise

🔰Common Entry Points
▫️Login forms
▫️Search inputs
▫️Contact forms
▫️URL query parameters

Defense Strategies 🛡
✅ Use parameterized queries
✅ Validate & sanitize inputs
✅ Apply least privilege to DB accounts
✅ Monitor logs for anomalies
✅ Perform regular security audits

📀Image Description (for visual):
🔹A sleek cyber-themed layout with:
🔹A hacker icon injecting code
🔹A login form being exploited
🔹Database icons showing exposed data
🔹A shield labeled “Prepared Statements” blocking the attack

🔖Tags
#SQLInjection #CyberSecurity #EthicalHacking #WebSecurity #BugBounty #InfoSec #Pentesting #OWASP #DatabaseSecurity #HackerTips

⚠️Disclaimer
This content is for educational and ethical purposes only. Do not attempt to exploit vulnerabilities without proper authorization. Always follow legal and ethical guidelines when testing or learning about cybersecurity.

ExploreLive feeds
About