Adding Hidden Union Exploitation Technique
Fixes #871.
- [x] This PR handles the issue and requires no additional PRs.
- [x] You have validated the need for this change.
What did this PR accomplish?
- introducing a new SQL injection technique - hidden union-based injection
This PR requires massive work for the regular user to read it. The topic is delivered in a really complex manner, and doesn't dive into how it should be done.
We don't rely on external references to explain things, unless they're additional information for the reader to understand a concept, not when it's the main attack or vulnerability being described.
Kindly give this an update with an easier to read introduction, and with better step-by-step guide to accomplishing this attack.
We'd be more than happy to help out.
OK, I'll update it. Is there any limitation on the content length?
The following issues were identified:
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:268 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "1. The vulnerable query return..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:276 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:276 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:290 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:291 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- Problem: If you inject a ..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:296 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:296 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:309 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:310 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- *Problem:* You break the que..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:315 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:315 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:338 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:339 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- *Problem:* You can add a UN..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:344 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:344 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:346 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:348 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:348 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:350 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:352 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:352 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:364 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:366 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:366 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:377 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:379 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:379 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:393 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:393 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:414 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:415 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- Problem: Appending a `UNIO..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:430 MD036/no-emphasis-as-heading/no-emphasis-as-header Emphasis used instead of a heading [Context: "Automation"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:431 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "1. Extract the original query ..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:441 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:441 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:443 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:445 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:445 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:447 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:449 MD032/blanks-around-lists Lists should be surrounded by blank lines [Context: "- *custom injection point mark..."]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:450 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:450 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:452 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:454 MD031/blanks-around-fences Fenced code blocks should be surrounded by blank lines [Context: "triple-backtick"]
document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md:454 MD040/fenced-code-language Fenced code blocks should have a language specified [Context: " triple-backtick"]
@ThunderSon I updated the content. let me know if anything needs to be changed.
Yup, you need to fix all the issues identified by the linter.
OK, I'll fix them.
@kingthorin done.
Thank you @the-rend , we'll be getting back to you ASAP! Sorry this has taken a while :)
No problem man :) If it needs any other modifications, just let me know.
For the way this section is written, do we want to update it to be in the similar feel of the rest? This feels different from the rest.
If yes, should we update that after merging, since it's us that need to give the feeling? It'd be two different focus points. This PR can be for the addition of the content, and the second would make the feel uniform.
What's your thoughts?
If the content is clear and accurate then I think it's fine to merge it. If we'd prefer a different writing style, that can be a future issue/PR to change - but that's on us and not OP.
@rbsec thanks for the fixes and your comments.
@rbsec @kingthorin can you please resolve/commit your pieces in? I believe the content is novel to the guide, so let's have it, and then touch it up to follow the book's vibes :)
The following links are broken: FILE:document/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05-Testing_for_SQL_Injection.md [✖] https://dl.packetstormsecurity.net/papers/attack/sqlinference.pdf → Status: 0
The pdf link is fine. The report is a FP.
There’s one more I need to address, I commented alternative text but did make it a suggestion. Sadly that isn’t handy on a cell phone so I’ll tackle that in a bit.
I believe I've tackled everything I can.
@ThunderSon shall we merge this?
Thank you @the-rend !
My pleasure @ThunderSon !