Hey Guys - I have been getting requests for more details on how to perform manual SQL Injections. I have gathered what I believe to be the best of what is out there and compiled it in my own form. I have been working on compiling it all into an educational type format so others can benefit from it while at the same time giving myself my own online reference guide available at any time (and to anyone else interested). I will be giving these tutorials their own pages as I find the material to be a good reference. I just posted the first few outlining some basic techniques and plan to add several more pages as the summer continues and time permits. In order to give you an idea of what is going to be covered, I have already posted basic injections, WAF Bypassing, Blind & Time-Based Injections and still plan on covering Double-Queries or Stacked Queries, Xpath Injections, as well as providing some general reference guides for handling Postgres & Oracle database injections. Please check the top of the page to see the new pages that are currently available and check back often to see what else has been added. I hope you find them all useful and appreciate the time that is going into packaging it all up for you. As always, Enjoy!
Here is what's available so far:
Basic SQL Injection 101
SQLi & WAF Bypassing
BLIND & Time-Based SQL Injections
SQLi using LOAD FILE & INTO OUTFILE