Create accountLogin

Recent searches

No recent searches

Search options

Not available on mastodon.bida.im.
mastodon.bida.im is part of the decentralized social network powered by Mastodon.
Un'istanza mastodon antifascista. autogestita, italofona con base a Bologna. Rispettosa di privacy e anonimato.

Administered by:

Server stats:

877
active users
Learn more

mastodon.bida.im: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.2.17

#infosec

348 posts125 participants2 posts today
Vasileiadis A. (Cyberkid)

SQL Injection (SQLi) 💉 – Everything You Need to Know

What is SQL Injection?
SQL Injection is a code injection technique that allows attackers to interfere with the queries an application makes to its database.

Types of SQLi:

1. In-band SQLi – Most common and easy to exploit.

2. Blind SQLi – Data isn’t visibly returned but can still be extracted through inference.

3. Out-of-band SQLi – Uses external servers to get results (less common but powerful).

4. Time-Based Blind SQLi – Server delay used to infer info from the database.

Attack Scenarios:
▫️Bypassing logins
▫️Dumping database contents
▫️Modifying or deleting data
▫️Escalating privileges
▫️Accessing admin panels

Common SQLi Targets:
🔹Login forms
🔹Search boxes
🔹URL parameters
🔹Cookies
🔹Contact or feedback forms

How to Prevent SQLi:
▪️Use parameterized queries
▪️Employ ORM frameworks
▪️Sanitize all user inputs
▪️Set least privilege for DB users
▪️Use Web Application Firewalls (WAF)

♦️Red Team Tip
Test all user input points, especially where data touches the database. Think beyond login forms—SQLi hides in unexpected places.

🔖Hashtags:
#SQLInjection #CyberSecurity #EthicalHacking #InfoSec #WebSecurity #RedTeam #BugBounty #Pentesting

⚠️Disclaimer:
This content is for educational purposes only. Always perform security testing with explicit permission. Unauthorized testing is illegal and unethical.

dreid

Just got a data breach notification from Lee Valley.

Full name address, credit card details from a cloud server that was popped from Oct 8, 2024 to March 12, 2025.

If you bought stuff from the Lee Valley website in that time be on the lookout for a breach notification and get ready to freeze/replace your credit card.

From the notification it sounds like the attacker was able to add code to the website frontend to siphon off credit card info.

#woodworking#databreach#infosec
Vasileiadis A. (Cyberkid)

Everything About SQL Injection 💉

What is SQL Injection?
SQL Injection is a web vulnerability that lets attackers manipulate database queries. This can lead to unauthorized access, data leaks, or even full control of the system.

🔬Types of SQL Injection

1️⃣ Classic SQLi – Injecting raw SQL commands.
2️⃣ Blind SQLi – No errors, but the response changes.
3️⃣ Time-Based SQLi – Uses response delays to extract data.
4️⃣ Union-Based SQLi – Merges malicious queries with valid ones.
5️⃣ Out-of-Band SQLi – Exfiltrates data through DNS, HTTP, etc.

♦️Potential Impact
▫️Access & dump sensitive data
▫️Bypass login systems
▫️Alter or delete database entries
▫️Full system compromise

🔰Common Entry Points
▫️Login forms
▫️Search inputs
▫️Contact forms
▫️URL query parameters

Defense Strategies 🛡
✅ Use parameterized queries
✅ Validate & sanitize inputs
✅ Apply least privilege to DB accounts
✅ Monitor logs for anomalies
✅ Perform regular security audits

📀Image Description (for visual):
🔹A sleek cyber-themed layout with:
🔹A hacker icon injecting code
🔹A login form being exploited
🔹Database icons showing exposed data
🔹A shield labeled “Prepared Statements” blocking the attack

🔖Tags
#SQLInjection #CyberSecurity #EthicalHacking #WebSecurity #BugBounty #InfoSec #Pentesting #OWASP #DatabaseSecurity #HackerTips

⚠️Disclaimer
This content is for educational and ethical purposes only. Do not attempt to exploit vulnerabilities without proper authorization. Always follow legal and ethical guidelines when testing or learning about cybersecurity.

SearchLive feeds
About