Posts

Showing posts from March 11, 2012

Yet Another Error Based SQL Injection Tutorial

Intro

This article was written for completeness of this blog's coverage of web application security, and it focuses mainly on MS SQL injection.

What is SQL?

SQL was originally developed at IBM in the early 1970s but was not officially formalized until 1986 by the American National Standards Institute (ANSI). SQL was initially designed as a data query and manipulation language with limited functionality when compared to today's feature-rich SQL dialects.

SQL

Microsoft SQL Server Transact-SQL (T-SQL) is Microsoft's and Sybase's proprietary extension to SQL. SQL, often expanded to Structured Query Language, is a standardized computer language that was originally developed by IBM for querying, altering and defining relational databases using declarative statements. T-SQL expands on the SQL standard to include procedural programming, local variables, various support functions for string processing, date processing, mathematics, etc., and changes to the DELETE...

Infiltrating corporate networks using XXE injection

XML External Entity (XXE) Injection (Updated 2026)

DTD Abuse // File Disclosure // Blind OOB Exfiltration // SSRF via XML

Intro

External entity injection is, generally speaking, a type of XML injection that allows an attacker to force a badly configured XML parser to "include" or "load" unwanted functionality that compromises the security of a web application. This type of attack has been well documented and known since 2002, though it continues to appear in modern applications, particularly in SOAP services, file upload handlers, and legacy enterprise integrations.

Taxonomy (2026): XXE was categorized as OWASP A4:2017 — XXE (its own dedicated category). In the OWASP Top 10 2021 it was merged into A5:2021 — Security Misconfiguration. The primary CWE is CWE-611 (Improper Restriction of XML External Entity Reference)....

MSSQL Injection OPENROWSET Side Channel

MSSQL Exploitation: OPENROWSET, xp_cmdshell, and Database Attack Primitives — 2026 Edition

A penetration tester's complete reference to the MSSQL attack surface, from SQL injection to OS shell, and from data exfiltration to domain compromise.

Microsoft SQL Server remains one of the most common database platforms in enterprise environments, and it is consistently one of the most rewarding targets in internal penetration tests. MSSQL offers a rich set of built-in functionality that, when misconfigured or when accessed through SQL injection, gives an attacker capabilities ranging from data exfiltration to full operating system command execution to Active Directory domain compromise. This post covers the core attack primitives every pentester needs to know: OPENROWSET for data exfiltration and file access, xp_cmdshell for OS command execution, hash capture techniques, privilege esc...