SQLi Data Exfiltration via DNS
By Mike Saunders | November 30, 2018
Did you know you can use DNS queries to exfiltrate data from a database via SQLi? No? Then continue reading! I’ll walk through some techniques you can use to enumerate […]
Learn MoreCapturing SQL Server User Hash with SQLi
By Mike Saunders | September 5, 2018
On a recent external web app pen test, I found a possible SQL injection vulnerability using the Burp Scanner. One of the tests triggered an A record lookup for the […]
Learn More