https://sqlwiki.netspi.com step by step簡介
https://sqlwiki.radare.cn/#/ 上面的中文版
整個OSCP的guide 包括SQLi
https://sushant747.gitbooks.io/total-oscp-guide/content/sql-injections.html
https://github.com/aleenzz/MSSQL_SQL_BYPASS_WIKI
SQLi心智圖
https://reurl.cc/v65Xoe
它在 https://github.com/phith0n/Mind-Map 裡
挑戰: (可參照 https://reurl.cc/ka0vpb )
(另可參照 https://www.wangan.com/p/7fy7fx2460c5d94c )
- portswigger (攻略 https://feifei.tw/sql-injection/ )
- 可接在portswigger以後做
https://redtiger.labs.overthewire.org
3.DVWA
4.WebGoat
5.sqli-labs ( https://luckyfuture.top/sqli-summary#Bool%E7%9B%B2%E6%B3%A8 )
sqli-labs 攻略 https://poet.gitbook.io/sqli-labs/writeup-1/lesson-27
SQL Injection Cheat Sheet
https://reurl.cc/b9ovLX
https://reurl.cc/RzoNxe
https://reurl.cc/o73jl5
https://github.com/punk-AJ/oscpnotes/blob/master/SQL
https://reurl.cc/XEbzOg
https://github.com/payloadbox/sql-injection-payload-list
( http://www.hackdig.com/06/hack-393385.htm 是上面連結的中文版)
https://github.com/PenTestical/sqli/blob/main/hugeSQL.txt
(fuzzing,結合wfuzz使用)
https://blog.csdn.net/weixin_43167326/article/details/128873597
https://reurl.cc/67ZOAd
SQL Injection繞過各式過濾
https://m.freebuf.com/articles/web/360506.html
https://xz.aliyun.com/t/12149
https://zhuanlan.zhihu.com/p/625412460
https://www.hackingarticles.in/bypass-filter-sql-injection-manually/
https://reurl.cc/l7lZOd
(Bypassing SQL Injection filters、BasicObfuscation.wiki)
https://blog.51cto.com/u_15069486/4303870 (MySQL绕过)
https://reurl.cc/Y0RYW0 (Mysql注入过滤 · Wiki | janes)
https://www.tr0jan.top/archives/5/ (sql注入常见注释及绕过)
sql injection訣竅與字典檔
https://shawnvoong.medium.com/how-to-pass-the-2023-oscp-pen-200-on-the-first-try-part-1-enumeration-a0b272a86cf7
=>
https://reurl.cc/YV47bD
其他網頁應用程式滲透測試訣竅
其他網頁應用程式滲透測試訣竅
https://shawnvoong.medium.com/how-to-pass-the-2023-oscp-on-the-first-try-part-2-
1-13463e330e1a
=>
https://reurl.cc/094gGl
sql injection漏洞偵測,試用看看
https://github.com/the-robot/sqliv
https://github.com/nycto-hackerone/nycto-dork/tree/master?tab=readme-ov-file
=>
https://reurl.cc/K4dK5n
Get method之sql injection漏洞測試語句(Burp用)
(注意最後面有一個空白,如果不用Burp要用手工,最後面空格要改成+號)
and 1=1 --
and 1=2 --
' and 1=1 --
' and 1=2 --
" and 1=1 --
" and 1=2 --
) and 1=1 --
) and 1=2 --
') and 1=1 --
') and 1=2 --
") and 1=1 --
") and 1=2 --
')) and 1=1 --
')) and 1=2 --
")) and 1=1 --
")) and 1=2 --
} and 1=1 --
} and 1=2 --