💻
OSWE Everything

SQLi debugging


Last updated 2 months ago

Enable SQLi logs

When we want to see the queries that the application sends to the SQL database, we sometimes have to modify the database configuration file.

For example, with PostgreSQL we can modify the postgresql.conf file, which includes the log_statement property. To log every statement that is sent to the database, we configure it in the following way:

log_statement = 'all' # none, ddl, mod, all

Remember that after the modification our changes do not take effect until we restart the service.

How to restart the service is covered on the Restarting web applications page.

Logs location

For PostgreSQL, you can find the logs in the pgsql_log directory. For other databases, you have to look up the log location yourself through a web search.
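Once statement logging is on, a practical way to review the log is to submit a unique marker value through the application and check how it shows up in the logged queries: inside the SQL text (built by concatenation, so the call site needs review) or only in the bind parameters. The following is an added example, not part of the original page; it assumes PostgreSQL's plain-text stderr log format, and the marker value, function names and sample log lines are constructed for illustration.

```python
import re

# Message part of a PostgreSQL stderr log line, after any log_line_prefix.
ENTRY = re.compile(r"(LOG|DETAIL):\s+(statement|execute [^:]*|parameters):\s?(.*)$")

# Constructed sample log (not from a real system); the marker is hypothetical.
MARKER = "zzCANARY7f3zz"
SAMPLE_LOG = """\
2024-05-01 10:00:00.101 UTC [4242] LOG:  statement: SELECT 1
2024-05-01 10:00:01.317 UTC [4242] LOG:  statement: SELECT id, email
\tFROM users WHERE login = 'zzCANARY7f3zz'
2024-05-01 10:00:02.550 UTC [4243] LOG:  execute <unnamed>: SELECT id FROM sessions WHERE token = $1
2024-05-01 10:00:02.550 UTC [4243] DETAIL:  parameters: $1 = 'zzCANARY7f3zz'
""".splitlines()

def parse_entries(lines):
    """Yield {'sql': ..., 'params': ...} for each logged statement."""
    current = None
    for line in lines:
        if line.startswith("\t") and current is not None:
            current["sql"] += "\n" + line.strip()  # multi-line statement continues
            continue
        m = ENTRY.search(line)
        level, kind, body = m.groups() if m else (None, None, None)
        if level == "LOG" and kind != "parameters":
            if current is not None:
                yield current
            current = {"sql": body, "params": ""}
        elif level == "DETAIL" and kind == "parameters" and current is not None:
            current["params"] = body  # bind values of the preceding execute
    if current is not None:
        yield current

def classify(entry, marker):
    """Say how the marker reached the database in one logged entry."""
    if marker in entry["sql"]:
        return "inline"  # concatenated into the SQL text: review this call site
    if marker in entry["params"]:
        return "bound"   # sent as a bind parameter, separate from the SQL text
    return "absent"

def find_marker(lines, marker):
    hits = [(classify(e, marker), e["sql"]) for e in parse_entries(lines)]
    return [h for h in hits if h[0] != "absent"]

if __name__ == "__main__":
    for kind, sql in find_marker(SAMPLE_LOG, MARKER):
        print(f"[{kind}] {sql}")
```

To run it against a real log, pass the open log file from the pgsql_log directory to `find_marker` instead of `SAMPLE_LOG`.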

Running commands against SQL database with GUI

Sometimes you are able to execute queries on the application's SQL server with the provided credentials. In that case, the pgAdmin software can help you.
