From 5650ddb8ac9f64bb4c449112fcde38b10fd22981 Mon Sep 17 00:00:00 2001 From: Tyler Perkins Date: Mon, 28 Feb 2022 16:00:01 -0500 Subject: [PATCH] Update for 28-02-22 16:00 --- tech/databases.wiki | 1 - tech/security.wiki | 2 ++ tech/sqli.wiki | 9 +++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) create mode 100644 tech/sqli.wiki diff --git a/tech/databases.wiki b/tech/databases.wiki index 08b3326..1a7a036 100644 --- a/tech/databases.wiki +++ b/tech/databases.wiki @@ -6,7 +6,6 @@ network, with caching and other optimizations. == Database Design Principle == - == SQL == See [[../lang/sql]] diff --git a/tech/security.wiki b/tech/security.wiki index 6ef1c66..f392f3a 100644 --- a/tech/security.wiki +++ b/tech/security.wiki @@ -53,6 +53,8 @@ Hiding information Try setting the HTTP `Host` header value to `internal-ip:80` where internal ip is the ip address of a device inside of the target network +* [[sqli]] + diff --git a/tech/sqli.wiki b/tech/sqli.wiki new file mode 100644 index 0000000..2d73cd2 --- /dev/null +++ b/tech/sqli.wiki @@ -0,0 +1,9 @@ += SQLI = + +SQLI or SQL injection is a type of attack where sql is placed into a field in +an application, as is directly passed to a DBMS. + +An attack typically works by prematurely terminating a text string and +appending a new command. Because the inserted command may have additional +strings appended to it before it is executed, SQLI attack string generally end +with a comment or `--`.
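Review bot: In tech/databases.wiki, the `== Database Design Principle ==` heading still has no body before `== SQL ==`, and this hunk only removes a blank line under it. Either add the section's content or drop the empty heading until there is something to put there.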
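Review bot: In tech/security.wiki, the added `* [[sqli]]` is a bare link placed straight after the `Host` header tip, so nothing on the page says what it points to or which section it belongs under. Give it a short description (a link label if the wiki syntax supports one, or trailing text such as "SQL injection notes") and place it under a heading of its own rather than at the end of the `Host` header paragraph.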
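Review bot: In the new tech/sqli.wiki, the first paragraph's "as is directly passed to a DBMS" reads like a typo for "and is directly passed", and "sql" should be capitalised to match "SQLI" and "DBMS". In the second paragraph, "SQLI attack string generally end" should be "strings generally end", and "with a comment or `--`" presents `--` as an alternative to a comment when it is a comment marker; "end with a comment marker such as `--`" would be clearer. The page also describes only how the attack works; a closing line on the defence (parameterized queries instead of string concatenation) would make it more useful as a reference linked from the security page.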