β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#ORM Injection best 2020 Learning free practical resources :
- [HQL for pentesters](http://blog.h3xstream.com/2014/02/hql-for-pentesters.html) -
- [HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?)](https://www.synacktiv.com/ressources/hql2sql_sstic_2015_en.pdf) - Written by [@_m0bius](https://twitter.com/_m0bius).
- [ORM2Pwn: Exploiting injections in Hibernate ORM](https://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm)
- [ORM Injection](https://www.slideshare.net/simone.onofri/orm-injection)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦#ORM Injection best 2020 Learning free practical resources :
- [HQL for pentesters](http://blog.h3xstream.com/2014/02/hql-for-pentesters.html) -
- [HQL : Hyperinsane Query Language (or how to access the whole SQL API within a HQL injection ?)](https://www.synacktiv.com/ressources/hql2sql_sstic_2015_en.pdf) - Written by [@_m0bius](https://twitter.com/_m0bius).
- [ORM2Pwn: Exploiting injections in Hibernate ORM](https://www.slideshare.net/0ang3el/orm2pwn-exploiting-injections-in-hibernate-orm)
- [ORM Injection](https://www.slideshare.net/simone.onofri/orm-injection)
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
H3Xstream
h3xStream's blog: HQL for pentesters
SQL injection is a highly coveted type of attack. Plenty of resources exist to take advantage of an injection on common DBMS (MySQL, Oracle,...