$book_name = $_GET['book_name'] ?? '';
// Keyword blacklist: only these exact, case-sensitive strings are removed
$special_chars = array("OR", "or", "AND", "and", "UNION", "SELECT");
$book_name = str_replace($special_chars, '', $book_name);
// User input is concatenated straight into the query text
$sql = "SELECT * FROM books WHERE book_name = '$book_name'";
echo "<p>Generated SQL Query: $sql</p>";
$result = $conn->query($sql) or die("Error: " . $conn->error . " (Error Code: " . $conn->errno . ")");
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // ...
    }
}
What makes this code vulnerable?
bunabyte.com
Buna Byte Cybersecurity
Why this code is vulnerable
• User input is directly concatenated into the SQL query
• Once input enters the query string, SQL injection is already possible
Why str_replace makes it worse
• SQL is a grammar-based language, not a keyword list
• Removing words like OR, AND, UNION, SELECT does not change how the database parses whatever is left
• str_replace is:
- case-sensitive (only the exact strings in the list are matched)
- literal (it deletes the substring wherever it occurs, so a legitimate title such as "Georgia" is silently altered too)
- context-unaware (it cannot tell whether a word sits inside a string literal or outside it)
• Attackers can bypass such filters using:
- alternative operators
- comments
- encodings
- numeric logic
- functions and comparisons
🙅‍♂️ The critical mistake
• User input is still placed inside quotes:
WHERE book_name = '$book_name'
• The database still parses the input as executable SQL
• Filtering inside a dangerous context does not make it safe
Additional security issues
• Echoing the SQL query leaks:
- table names
- column names
- filtering logic
• Displaying database errors gives attackers free reconnaissance
Here is the best‑practice version of that code
$book_name = $_GET['book_name'] ?? '';
// The SQL text is fixed; the value travels separately as a bound parameter
$stmt = $conn->prepare(
    "SELECT * FROM books WHERE book_name = ?"
);
$stmt->bind_param("s", $book_name); // "s": bind the value as a string
$stmt->execute();
$result = $stmt->get_result();      // get_result() needs the mysqlnd driver
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        // process result
    }
}
☕️ $stmt turns user input from code into data.
bunabyte.com
@bunabytecs
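As an added example (not part of the original post), the script below runs both versions side by side against an in-memory SQLite database through PDO, so no MySQL server is needed. The mysqli calls from the post are mapped onto PDO's prepare()/bindValue()/execute(); the books table and its rows are constructed for the demo. It uses ordinary book titles rather than attack input: a title containing an apostrophe shows that the concatenated query hands the input to the SQL parser as code (the query fails), while the prepared statement returns the row; a title containing "or" shows that the keyword filter also corrupts legitimate data.

```php
<?php
// Added example, not from the original post: keyword stripping vs. a prepared statement.
// Uses PDO + SQLite in memory (assumption: the pdo_sqlite extension is available).
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
// Constructed sample schema and rows for the demo
$db->exec("CREATE TABLE books (id INTEGER PRIMARY KEY, book_name TEXT NOT NULL)");
$db->exec("INSERT INTO books (book_name) VALUES ('Georgia'), ('O''Reilly Guide'), ('Tor Basics')");

// The post's approach: strip a keyword list, then concatenate into the query text.
function lookupFiltered(PDO $db, string $bookName): array
{
    $specialChars = ["OR", "or", "AND", "and", "UNION", "SELECT"];
    $bookName = str_replace($specialChars, '', $bookName);
    $sql = "SELECT book_name FROM books WHERE book_name = '$bookName'";
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
        return ['sql' => $sql, 'rows' => $rows];
    } catch (PDOException $e) {
        // The input reached the SQL parser as code, not as a string value.
        return ['sql' => $sql, 'error' => $e->getMessage()];
    }
}

// The fix: the query text is constant; the value is bound as a parameter.
function lookupPrepared(PDO $db, string $bookName): array
{
    $stmt = $db->prepare("SELECT book_name FROM books WHERE book_name = ?");
    $stmt->bindValue(1, $bookName, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: all three are legitimate titles present in the table.
foreach (['Georgia', "O'Reilly Guide", 'Tor Basics'] as $input) {
    $filtered = lookupFiltered($db, $input);
    $prepared = lookupPrepared($db, $input);
    // The SQL and error text are printed here only because this is a standalone
    // demo; in a web handler they belong in server logs, never in the response.
    printf(
        "input=%s\n  filtered: %s -> %s\n  prepared: %s\n",
        json_encode($input),
        $filtered['sql'],
        isset($filtered['error']) ? 'ERROR: ' . $filtered['error'] : json_encode($filtered['rows']),
        json_encode($prepared)
    );
}
```

Run it with `php filter_vs_prepared.php`. "Georgia" and "Tor Basics" lose their "or" under the filter and no longer match anything, "O'Reilly Guide" breaks the concatenated query outright, and the prepared statement returns the correct row in all three cases because the value never becomes part of the SQL grammar.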
Buna Byte Resources Channel, You can find book files related to ethical hacking and cybersecurity in this channel.
👉 here: @hacker_habesha
Forwarded from Cyber Vanguard @ CTBE
Are you ready to join today and tomorrow's cybersecurity foot soldiers?
picoCTF-Africa 2026 is back! Bigger, better and up to 80 students to be awarded!
Join our picoCTF-Africa prep info session
📅 24 January
⏰ 11 am Rwanda time (convert time to your own country)
⛓️💥 bit.ly/picoCTF2026
Registration for the CTF opens on 1 February 2026, so get ready.
Competition runs 9 - 19 March 2026
stay alert. protect your accounts. share this with a friend
https://www.instagram.com/p/DTxI73ZDAS2/?igsh=MWlzYWgwbTZ1c3UyMA==
#Buna_Qurs
The original definition of hacking, emerging in the 1950s-1960s at MIT’s Tech Model Railroad Club, referred to creative, skillful, and often playful modification of technical systems to improve them or make them function in new, unconventional ways.
@bunabytecs
⚡️ Buna Byte Academy is coming.
We are building a focused learning space for:
• Hands-on cybersecurity labs
• Expert-led training
• Structured paths for real-world skills
The waitlist is now open.
Join early to get launch updates, early access, and exclusive opportunities reserved for first members.
👉 Join the waitlist: academy.bunabyte.com
#Cybersecurity #Learning @bunabytecs
BBJST
Buna Byte Junior Security Tester Course Batch 04 is coming.... 👨‍💻👩‍💻
ARE YOU READY❓
🌐: bunabyte.com
☎️: +251923167274
✉️: info@bunabyte.com
#BBJST @bunabytecs
THE LONG-AWAITED ANNOUNCEMENT IS HERE 🔥
The most intensive cybersecurity training in Ethiopia, BBJST Batch 04, is officially open for registration. 🛡💻
You’ve been asking for it. Now it’s here. This is your chance to stop being a spectator and start becoming a Junior Security Tester.
Why now?
✅ High-demand skill set
✅ Practical, lab-based learning
✅ Limited seats for maximum focus
Stop waiting for the "perfect time." The perfect time is now.
🚀 REGISTER BEFORE SLOTS FILL UP: 👉 bunabyte.com/bbjst
@bunabytecs
🟣 The BBJST program is crafted for individuals with a passion for technology and security but who lack formal experience.
We strip away the complexity and focus on actionable, real-world skills used by penetration testers every day.
Register here: bunabyte.com/bbjst
#BBJST@bunabytecs
🪫Slides don’t make security testers.
Practice does.
BBJST focuses on hands-on labs, real-world attack scenarios, and beginner-friendly guidance to help you build actual security skills, not just knowledge.
Learn cybersecurity the right way.
🔗 bunabyte.com/bbjst
Who Should Join BBJST? 🤔
✅ Absolute beginners
✅ IT students
✅ Career switchers
✅ Curious ethical hackers
Learn cybersecurity the right way.
🔗 bunabyte.com/bbjst
Only 3️⃣ Days Left! Don’t Miss Out!
⚡
Become a Buna Byte Junior Security Tester and kickstart your cybersecurity journey. 🔐
What you’ll get:
🛡 Hands-on hacking experience
🛡 Insider tips from industry pros
🛡 Certificate that stands out
Time is running out⏰
Registration closes in just 3 DAYS!
Secure your spot now before it’s too late; limited seats available.
✅ Don’t be the one who hears about it later… be the one who gets ahead today.
https://bunabyte.com/bbjst
@bunabytecs
Only 2️⃣ DAYS LEFT
BunaByte Junior Security Tester (BBJST) Registration is about to close 🔒
Gain skills in:
✅ Ethical Hacking & Cybersecurity Basics
✅ Linux & Windows for Hackers
✅ Network Security & Cryptography
✅ Web & System Hacking
✅ Social Engineering Defense
https://bunabyte.com/bbjst
@bunabytecs
ONLY 1⃣ DAY LEFT ALERT!⏰
Registration for BunaByte Junior Security Tester (BBJST) closes tomorrow ⏳
Do you know? 👀
➡️ Cybersecurity experts and Bug Bounty Hunters are some of the most in-demand and highly paid tech professionals today.
➡️ Companies worldwide are desperate for skilled testers who can secure their systems.
This is YOUR chance to step in.😉
https://bunabyte.com/bbjst
@bunabytecs
Forwarded from INSA Cyber Talent Center
Registration for the INSA Weekend Talent Development Program has started
Program days: weekends, Saturday and Sunday
Program venue: INSA Talent Center, Addis Ababa
Who can take part in the program:
1. Those with special talent in cyber and related fields who can show the projects they have worked on
2. Those who can pass the exam/challenge prepared by the institution
3. Those who can come in and attend on Saturdays and Sundays
4. From primary school up to university graduates
Registration is done on the portal prepared for this program: https://talent.insa.gov.et
Registration period: from Tir 27 to Yekatit 07 (Ethiopian calendar)
For details about the program, we inform you that you can join the Talent Center’s Telegram channels:
https://t.me/insactc
https://t.me/cteinsa
📢 INSA Weekend Talent Development Program – Registration Open
The Information Network Security Administration (INSA) invites talented individuals to apply for its Weekend Talent Development Program in cyber security and related fields.
🗓 Schedule: Saturdays & Sundays
📍 Location: INSA Talent Center, Addis Ababa
Eligible applicants:
✔️ Talented individuals with demonstrable projects
✔️ Those who pass INSA’s exam/challenge
✔️ Primary school students to university graduates
✔️ Must be available on weekends
📝 Registration: February 04 – February 14
🔗 Apply at: https://talent.insa.gov.et
ℹ️ More info:
https://t.me/insactc
https://t.me/cteinsa