SQL Cheat Sheet: OSINT

Open Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available information from various sources to support intelligence gathering, research, or other purposes.

Technical Terms:

• TACGAS**: Target Address, Cell Group, and Stack. A way to identify SQL injection attacks.
• SQLMap**: An open-source tool for identifying and exploiting SQL injection vulnerabilities.
• OWASP Top 10**: A list of the top 10 most critical web application security risks, including SQL injection.
• SQL Spoofing**: A type of attack where an attacker attempts to trick a database into executing malicious SQL code by manipulating the input parameters.

Common SQL Error Messages:

• "Undefined column" error: This error occurs when the database tries to access a non-existent column in a table.
• "Invalid query" error: This error occurs when the database receives an invalid or malformed SQL query.
• "SQL syntax error" error: This error occurs when the database encounters an error with the SQL syntax, such as missing keywords or incorrect data types.

SQL Injection Techniques:

• Classical SQL injection**: An attacker injects malicious SQL code using user input, often by manipulating form fields or query parameters.
• Blind SQL injection**: An attacker attempts to extract information from the database without directly executing malicious SQL code, often by analyzing error messages or network traffic.