滲透測試SQL-injection相關資料

portswigger (攻略 https://feifei.tw/sql-injection/ )
可接在portswigger以後做
https://redtiger.labs.overthewire.org
3.DVWA
4.WebGoat
5.sqli-labs ( https://luckyfuture.top/sqli-summary#Bool%E7%9B%B2%E6%B3%A8 )
sqli-labs 攻略 https://poet.gitbook.io/sqli-labs/writeup-1/lesson-27

SQL Injection Cheat Sheet
https://reurl.cc/b9ovLX
https://reurl.cc/RzoNxe
https://reurl.cc/o73jl5
https://github.com/punk-AJ/oscpnotes/blob/master/SQL
https://reurl.cc/XEbzOg
https://github.com/payloadbox/sql-injection-payload-list
( http://www.hackdig.com/06/hack-393385.htm 是上面連結的中文版)
https://github.com/PenTestical/sqli/blob/main/hugeSQL.txt
(fuzzing，結合wfuzz使用)
https://blog.csdn.net/weixin_43167326/article/details/128873597
https://reurl.cc/67ZOAd

SQL Injection繞過各式過濾
https://m.freebuf.com/articles/web/360506.html
https://xz.aliyun.com/t/12149
https://zhuanlan.zhihu.com/p/625412460
https://www.hackingarticles.in/bypass-filter-sql-injection-manually/
https://reurl.cc/l7lZOd
(Bypassing SQL Injection filters、BasicObfuscation.wiki)
https://blog.51cto.com/u_15069486/4303870 (MySQL绕过)
https://reurl.cc/Y0RYW0 (Mysql注入过滤 · Wiki | janes)
https://www.tr0jan.top/archives/5/ (sql注入常见注释及绕过)

sql injection訣竅與字典檔

https://shawnvoong.medium.com/how-to-pass-the-2023-oscp-pen-200-on-the-first-try-part-1-enumeration-a0b272a86cf7
=>
https://reurl.cc/YV47bD
其他網頁應用程式滲透測試訣竅

其他網頁應用程式滲透測試訣竅

https://shawnvoong.medium.com/how-to-pass-the-2023-oscp-on-the-first-try-part-2-
1-13463e330e1a
=>
https://reurl.cc/094gGl

sql injection漏洞偵測，試用看看
https://github.com/the-robot/sqliv
https://github.com/nycto-hackerone/nycto-dork/tree/master?tab=readme-ov-file
=>
https://reurl.cc/K4dK5n

Get method之sql injection漏洞測試語句(Burp用)
(注意最後面有一個空白，如果不用Burp要用手工，最後面空格要改成+號)
and 1=1 --
and 1=2 --
' and 1=1 --
' and 1=2 --
" and 1=1 --
" and 1=2 --
) and 1=1 --
) and 1=2 --
') and 1=1 --
') and 1=2 --
") and 1=1 --
") and 1=2 --
')) and 1=1 --
')) and 1=2 --
")) and 1=1 --
")) and 1=2 --
} and 1=1 --
} and 1=2 --