SQL Cheat Sheet: OSINT
Open Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available information from various sources to support intelligence gathering, research, or other purposes.
Technical Terms:
- TACGAS**: Target Address, Cell Group, and Stack. A way to identify SQL injection attacks.
- SQLMap**: An open-source tool for identifying and exploiting SQL injection vulnerabilities.
- OWASP Top 10**: A list of the top 10 most critical web application security risks, including SQL injection.
- SQL Spoofing**: A type of attack where an attacker attempts to trick a database into executing malicious SQL code by manipulating the input parameters.
Common SQL Error Messages:
- "Undefined column" error: This error occurs when the database tries to access a non-existent column in a table.
- "Invalid query" error: This error occurs when the database receives an invalid or malformed SQL query.
- "SQL syntax error" error: This error occurs when the database encounters an error with the SQL syntax, such as missing keywords or incorrect data types.
SQL Injection Techniques:
- Classical SQL injection**: An attacker injects malicious SQL code using user input, often by manipulating form fields or query parameters.
- Blind SQL injection**: An attacker attempts to extract information from the database without directly executing malicious SQL code, often by analyzing error messages or network traffic.