BestHub
Sign in
Tagged articles
122 articles
Page 2 of 2
MaGe Linux Operations
MaGe Linux Operations
Oct 18, 2017 · Information Security

How Zabbix Guest Access Enables Unauthenticated SQL Injection – Full Exploit Walkthrough

This article details a high‑severity SQL injection vulnerability in Zabbix’s jsrpc.php profileIdx2 parameter that allows unauthenticated attackers to gain system privileges, outlines its impact, demonstrates testing methods with screenshots, analyzes the vulnerable code paths, and recommends mitigation steps such as upgrading, patching, and disabling the guest account.

Guest accessInformation SecuritySQL injection
0 likes · 5 min read
How Zabbix Guest Access Enables Unauthenticated SQL Injection – Full Exploit Walkthrough
ITPUB
ITPUB
Sep 4, 2017 · Information Security

How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript

During an external penetration test I discovered an Oracle Advanced Support service, reverse‑engineered its JavaScript endpoints, crafted GET and POST requests to create and execute named SQL statements, and ultimately extracted database version, user information, and password hashes, highlighting a critical web‑application flaw.

API abuseJavaScript analysisOracle
0 likes · 14 min read
How I Exploited Oracle Advanced Support to Run Remote SQL via Hidden JavaScript
Architecture Digest
Architecture Digest
Aug 11, 2017 · Information Security

Common Web Attacks and Their Mitigation Techniques

The article introduces major web security threats such as XSS, injection, CSRF, explains their mechanisms with examples, and presents defensive measures including input sanitization, HttpOnly cookies, web application firewalls, and encryption methods like hashing, symmetric and asymmetric cryptography.

CSRFSQL injectionWAF
0 likes · 10 min read
Common Web Attacks and Their Mitigation Techniques
WeChat Client Technology Team
WeChat Client Technology Team
Jun 15, 2017 · Databases

How WCDB’s WINQ Eliminates SQL String Concatenation and Injection Risks

This article examines WCDB’s design principles for efficient, complete, and easy-to-use client-side databases, explains the pitfalls of SQL string concatenation such as code redundancy, debugging difficulty, and injection attacks, and describes how WCDB’s WINQ abstraction and ORM layer safely encapsulate SQLite syntax to enable concise, compile-time-checked queries.

C++SQL injectionSQLite
0 likes · 10 min read
How WCDB’s WINQ Eliminates SQL String Concatenation and Injection Risks
dbaplus Community
dbaplus Community
Apr 4, 2017 · Information Security

Mastering Database Injection: Real‑World Attacks, Tools, and Defense Strategies

This comprehensive guide explains why database injection remains a critical security threat, illustrates real‑world attack techniques and toolchains, and provides layered defensive measures—from secure coding and DB‑proxy solutions to web‑server filtering, WAF deployment, and log‑analysis pipelines.

Defense StrategiesSQL injectionSQLMap
0 likes · 24 min read
Mastering Database Injection: Real‑World Attacks, Tools, and Defense Strategies
ITPUB
ITPUB
Mar 20, 2017 · Information Security

Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques

This article compiles 42 practical questions and answers covering information gathering, vulnerability identification, exploitation tactics, and remediation advice for web applications, databases, servers, and common security mechanisms, providing a concise reference for penetration testers and security engineers.

CMS EnumerationInformation SecuritySQL injection
0 likes · 17 min read
Essential Web Penetration Testing Q&A: From Recon to Exploit Techniques
MaGe Linux Operations
MaGe Linux Operations
Mar 17, 2017 · Information Security

How to Prevent SQL Injection in Python Web Applications

This article explains why SQL injection occurs in Python web development, demonstrates vulnerable code using string concatenation, shows the resulting errors, and provides two effective solutions—input escaping and MySQLdb's parameterized queries—to secure your applications.

MySQLParameterized QueriesPython
0 likes · 5 min read
How to Prevent SQL Injection in Python Web Applications
Efficient Ops
Efficient Ops
Mar 5, 2017 · Operations

Surviving Hundred‑Billion Transactions: Real Production Incident Stories

This article recounts a series of real‑world production incidents—including massive concurrency overloads, DDoS attacks, SQL injection breaches, and critical bugs—encountered by an internet finance platform, and shares the concrete technical fixes and lessons learned to improve system resilience.

DDoSOptimistic LockSQL injection
0 likes · 22 min read
Surviving Hundred‑Billion Transactions: Real Production Incident Stories
ITPUB
ITPUB
Mar 3, 2017 · Information Security

How Attackers Exploit SQL Injection and XSS – Techniques and Defenses

This article explains the mechanics of SQL injection and XSS attacks, demonstrates common exploitation methods such as table‑name guessing, error‑based and union queries, shows a vulnerable authentication script, and provides practical defensive coding techniques to mitigate these threats.

Authentication BypassSQL injectionWeb Security
0 likes · 10 min read
How Attackers Exploit SQL Injection and XSS – Techniques and Defenses
ITPUB
ITPUB
Feb 6, 2017 · Information Security

Mastering SQL Injection: Types, Techniques, and Real‑World Examples

This article provides a practical introduction to SQL injection, covering its fundamentals, common attack vectors such as Boolean‑based, error‑based, and UNION‑based injections, step‑by‑step exploitation examples with PHP code, and tips for constructing payloads and understanding their impact on vulnerable web applications.

Boolean-basedDatabase ExploitationError-based
0 likes · 13 min read
Mastering SQL Injection: Types, Techniques, and Real‑World Examples
360 Quality & Efficiency
360 Quality & Efficiency
Nov 1, 2016 · Information Security

Understanding SQL Injection Attacks and Defensive Techniques

The article reviews the author’s experience with security testing, explains the severe risks of SQL injection, demonstrates vulnerable server‑side code, and provides practical remediation methods such as input sanitization, type casting, and using prepared statements with PDO.

PDOSQL injectionWeb Security
0 likes · 5 min read
Understanding SQL Injection Attacks and Defensive Techniques
ITPUB
ITPUB
Aug 22, 2016 · Information Security

How to Exploit and Patch Zabbix’s JSRPC ProfileIdx2 SQL Injection Vulnerability

This article explains the unauthenticated SQL injection flaw in Zabbix's JSRPC profileIdx2 parameter, details its high impact on versions 2.2.x and 3.0.0‑3.0.3, provides a step‑by‑step proof‑of‑concept exploit, and recommends upgrading to version 3.0.4 to remediate the issue.

Information SecuritySQL injectionVulnerability
0 likes · 4 min read
How to Exploit and Patch Zabbix’s JSRPC ProfileIdx2 SQL Injection Vulnerability
ITPUB
ITPUB
Jul 12, 2016 · Information Security

How to Prevent SQL Injection Attacks in PHP: Practical Tips and Code Examples

This article explains what SQL injection is, shows vulnerable PHP code examples, and provides concrete prevention techniques—including input validation, parameterized queries, limited database privileges, error handling, and proper escaping of special characters—to protect web applications from attacks.

PHPPrepared StatementsSQL injection
0 likes · 5 min read
How to Prevent SQL Injection Attacks in PHP: Practical Tips and Code Examples
Art of Distributed System Architecture Design
Art of Distributed System Architecture Design
May 23, 2016 · Information Security

Testing HTTP Header Parameters for SQL Injection: Coverage, Tools, and Best Practices

The article examines how HTTP header and cookie parameters can serve as SQL injection vectors, evaluates the coverage of commercial and open‑source web vulnerability scanners, demonstrates manual testing techniques, and recommends tools such as sqlmap for comprehensive security assessments.

SQL injectionSQLMapWeb Security
0 likes · 13 min read
Testing HTTP Header Parameters for SQL Injection: Coverage, Tools, and Best Practices
ITPUB
ITPUB
May 5, 2016 · Information Security

Understanding SQL Injection Through a Simple Robot Analogy

The article uses a warehouse‑robot analogy to illustrate how mixing user‑supplied data with commands leads to SQL injection and explains that separating commands from data via parameterized queries prevents this security flaw.

Parameterized QuerySQL injectionSecurity
0 likes · 5 min read
Understanding SQL Injection Through a Simple Robot Analogy
Big Data and Microservices
Big Data and Microservices
Mar 28, 2016 · Information Security

Understanding Database SQL Injection: Types, Examples, and Defense Strategies

The article examines why databases are frequent targets of security breaches, explains the most common SQL injection vulnerability, categorizes injection paths, methods, and examples—including manipulation, code, function‑call, and buffer‑overflow attacks—then outlines practical defense measures such as input encryption, database firewalls, and patching.

Code InjectionDefenseInformation Security
0 likes · 14 min read
Understanding Database SQL Injection: Types, Examples, and Defense Strategies
ITPUB
ITPUB
Dec 28, 2015 · Information Security

How to Start Learning Hacking: Foundations, Mindset, and Essential Skills

This guide outlines the fundamental concepts, mindset, and step‑by‑step skills needed for beginners to start learning hacking and information security, covering everything from basic network knowledge to legal considerations.

Information SecurityNetwork fundamentalsSQL injection
0 likes · 10 min read
How to Start Learning Hacking: Foundations, Mindset, and Essential Skills
High Availability Architecture
High Availability Architecture
Jul 30, 2015 · Information Security

Web Application Security Threats and Mitigation Strategies

This article outlines the most common web application security threats—including XSS, SQL injection, CSRF, transmission hijacking, credential leaks, brute‑force attacks, and token theft—and provides practical mitigation techniques such as proper escaping, CSP, parameterized queries, CSRF tokens, HTTPS, HSTS, HPKP, encrypted password storage, two‑factor authentication, and robust token handling.

CSPCSRFHTTPS
0 likes · 26 min read
Web Application Security Threats and Mitigation Strategies
Art of Distributed System Architecture Design
Art of Distributed System Architecture Design
Jul 16, 2015 · Information Security

Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection

This article examines how web vulnerability scanners handle non‑traditional input vectors such as HTTP headers and cookies, demonstrates manual exploitation techniques for header‑based SQL injection, compares scanner coverage and accuracy, and offers practical guidance for developers and penetration testers.

SQL injectionSQLMapWeb Security
0 likes · 14 min read
Beyond GET/POST: Testing HTTP Headers and Cookies for SQL Injection