Hibernate-Injection-Study

Study about HQL injection exploitation.

Primary language: Perl

Hibernate injection study

Some tricks on how to exploit HQL injection as blind SQL injection for different DBMSs.

  • hqli_sql_server_demo.pl - PoC script for exploiting HQLi on the MS SQL Server RDBMS.
  • hibernate.py - sqlmap tamper script for using the UNICODE exploitation technique.
  • queries.xml - modified queries.xml for using the UNICODE exploitation technique.