.png)
1 month ago
24 BOOK THIS SPACE FOR AD
ARTICLE AD
This article will elaborate how I observe specific keywords and endpoints that helps in guessing the database type without any automated fingerprinting.
Find endpoints where most likely it will be interacting with the database for this endpoint to function.
site:domain.com "login"site:domain.com -www "login"
site:domain.com -www "signin"
site:domain.com -www "password"
site:domain.com -www "reset"
Capture and intercept the request using Burpsuite
What do you observe here that is worth googling to narrow down the attack?
Now we minimize part by part by and search with some variations to get some information about what we are dealing with.
"/wd/plsql/" site:exploit-db.com
"/wd/plsql" poc exploit
"plsql" server
We save this endpoint along with the product used, when new CVE is assigned with public exploit, we immediately attack it (Only if in scope)
oracle sql server injection payloads site:github.comoracle sql server injection payloads site:twitter.com
oracle sql server injection payloads site:x.com
Basic Googling: Sort/Filter by date and get the latest crawled results.
Check the complete video about where and how to inject the payloads with basic encoding.
Bengali (Bangladesh) · 
English (United States) ·