SQLi Data Exfiltration via DNS

SQLi Data Exfiltration via DNS

By Mike Saunders | November 30, 2018

Did you know you can use DNS queries to exfiltrate data from a database via SQLi? No? Then continue reading! I’ll walk through some techniques you can use to enumerate […]

Learn More
SQLi Data Exfiltration via DNS

Capturing SQL Server User Hash with SQLi

By Mike Saunders | September 5, 2018

On a recent external web app pen test, I found a possible SQL injection vulnerability using the Burp Scanner. One of the tests triggered an A record lookup for the […]

Learn More
Capturing SQL Server User Hash with SQLi