Normalize page header for SQLi, Upload, Cache Deception

Swissky
2024-11-10 20:49:52 +01:00
parent a338b2f12a
commit 48a4e5c95b
14 changed files with 118 additions and 70 deletions

@@ -1,4 +1,6 @@
# Google BigQuery SQL Injection
# Google BigQuery SQL Injection
> Google BigQuery SQL Injection is a type of security vulnerability where an attacker can execute arbitrary SQL queries on a Google BigQuery database by manipulating user inputs that are incorporated into SQL queries without proper sanitization. This can lead to unauthorized data access, data manipulation, or other malicious activities.
## Summary
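Review bot: The title `# Google BigQuery SQL Injection` appears twice in a row at the top of this hunk with no visible difference, and the hunk header grows the range from 4 to 6 lines, so this reads as a whitespace-only rewrite of the H1 plus added blank lines. Please confirm the rendered page still has a single H1, and state the normalization rule in the commit message (for example, blank line after the title and before `## Summary`) so the other changed files can be checked against the same rule.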
@@ -10,6 +12,7 @@
* [BigQuery Time Based](#bigquery-time-based)
* [References](#references)
## Detection
* Use a classic single quote to trigger an error: `'`
@@ -62,6 +65,7 @@ dataset_name.column_name` union all select CAST(@@project_id AS INT64) ORDER BY
* Time based functions does not exist in the BigQuery syntax.
## References
* [BigQuery SQL Injection Cheat Sheet - Ozgur Alp - February 14, 2022](https://ozguralp.medium.com/bigquery-sql-injection-cheat-sheet-65ad70e11eac)
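Review bot: The context line `* Time based functions does not exist in the BigQuery syntax.` has a subject-verb disagreement and is missing a hyphen. Since this commit already touches the lines around `## References`, fix it in the same pass: "Time-based functions do not exist in the BigQuery syntax."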