resources-exploit-web-sqli.md

SQLi Web Exploitation Resources

Guides

• NetSPI SQL Injection Wiki
• Exploiting hard filtered SQL Injections
• From SQL Injection to Ownage Using SQLMap
• Advanced SQL Injection - Chris Anley
• Advanced SQL Injection - Bernardo Damele Guimaraes
• MySQL Injection - Simple Load File and Into OutFile
• Full SQL Injection Tutorial (MySQL)
• Ultimate SQLi Payload
• SQL Injection to perform SSRF/XSPA
• Leveraging Exposed WADL XML in Burp Suite
• orangetw ctf web
• Advanced MSSQL Injection Tricks (ptswarm)

SQLi Bypasses

• Customizing SQLMap to bypass weak (but effective) input filters
• SQLi filter evasion cheat sheet (MySQL)
• How to Bypass SQL Injection Filter Manually

SQLi Cheat Sheet

• [https://www.exploit-db.com/papers/13650/](Full SQL Injections Cheatsheet)
• SQL Injection Authentication Bypass Cheat Sheet