Adding SEO titles, keywords, and descriptions. (#3)

Author: JacobReynolds

README.md

@@ -18,3 +18,4 @@ See [CONTRIBUTING.md](https://github.com/NetSPI/WikiJekyllTheme/blob/master/CONT
 - Khai Tran (@k_tr4n)
 - Rafael Seferyan
 - Scott Sutherland (@_nullbind)
+

_data/injectionDescriptions.yml

@@ -1,16 +1,17 @@
 injectionDetection: Injections can be detected in a number of ways. The simplest being adding a <code>'</code> or <code>\</code> after various parameters and getting a database error returned from the web server. The sections below describe where to find and how to detect these parameters."
 dbmsIdentification: Detecting what Database Management System (DBMS) is being used is critical in being able to further exploit an injection. Without that knowledge it would not be possible to determine what tables to query, what functions are built-in, and what detections to avoid. A successful response from the below queries identify that the selected DBMS is being used.
-errorBased: Error based injections are exploited through triggering errors generated by the database when invalid input is passed to it. The error messages can be used to return the full query results, or gain information on how to restructure the query for further exploitation.
+errorBased: Error based injections are exploited through triggering errors in the database when invalid inputs are passed to it. The error messages can be used to return the full query results, or gain information on how to restructure the query for further exploitation.
 unionBased: Union based SQL injection allows an attacker to extract information from the database by extending the results returned by the original query. The Union operator can only be used if the original/new queries have the same structure (number and data type of columns).
 blindBased: Blind SQL injection is one of the more advanced methods of injection. The Partial-Blind and Full-Blind methods are detailed below. Use care when performing these queries, as they can overload a server if performed through heavy automation.
 conditionalStatements: Conditional statements are beneficial for creating complex queries and aiding in Blind Injection.
 injectionPlacement: SQL injection is always a hassle when it isn't apparent where the injection is taking place. It is helpful to have a few ways to exploit injections in various parts of the query.
 injectionObfuscation: Obfuscating queries aids in bypassing Web Application Firewalls (WAFs) and Intrusion Detection/Prevention Systems (IDS/IPS). Below are examples of basic query obfuscations, they may require modification before being applied to certain injections.
 dataExfiltration: Exfiltrating data allows easier data analysis, as well as an offline copy of any compromised data.  Data can be exfiltrated through files, various Layer 4 requests, and hidden techniques.
 dataTargeting: Being able to properly target and identify sensitive information can exponentially decrease time spent in a database. This means less time spent poking around and more time spent researching other vectors.
-executingOSCommands: Running an OS command is one of the primary objectives of SQL injection, this aids in getting full control of the host OS. This may happen by directly executing commands, modifying existing data to put a shell on a webpage, or exploiting hidden functionality in the database.
+executingOSCommands: Running OS commands is one of the primary objectives of SQL injection, this aids in getting full control of the host OS. This may happen by directly executing commands, modifying existing data to put a shell on a webpage, or exploiting hidden functionality in the database.
 informationGathering: It is often valuable to gather information about any testing environment; version numbers, user accounts, and databases all help in escalating vulnerabilities. Below are common methods for this.
 lateralMovement: Lateral movement allows a tester to gain access to different sets of functionality/data that don't explicitly require a more privileged user. Switching user accounts laterally will expose different information and could aid in compromising a more privileged user.
 privilegeEscalation: Certain functionalities require a privileged user and for escalating a vulnerability a privileged user is always the first step.
 readingAndWritingFiles: Reading and writing to files aids in data gathering as well as data exfiltration. Many methods include writing to the webroot, which enables a web shell to be executed, or allowing data to be exfiltrated over port 80/443.
-persistence: Gaining persistence on a system allows a semi-permanent foothold in a network. Through this foothold different vectors and exploit methods can be attempted.
+persistence: Gaining persistence on a system creates a semi-permanent foothold in the network, allowing prolonged exploitation time. With this extra time different vectors and exploit methods can be attempted.
+parameterManipulation: Manipulating parameters aids in bypassing Web Application Firewalls, Anti-Virus scanners, and allows modification of various SQL queries for unique situations.

_data/metadata.yml

@@ -1,6 +1,5 @@
 googleTagManagerID: GTM-M7JZ64N
-keywords: "netspi, sql injection, wiki, sqli, sql, injection, netspy, network security professionals, oracle, mysql, sqlserver, mssql, cheat sheet, cheat, sheet"
-description: This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems
-ogImageLink: https://sqlwiki.netspi.com/assets/images/facebookCard.jpg
-twitterImageLink: https://sqlwiki.netspi.com/assets/images/twitterCard.jpg
+keywords: netspi, sql injection, wiki, sqli, sql, injection, netspy, network security professionals, oracle, mysql, sqlserver, mssql, cheat sheet, cheat, sheet
+ogImageLink: /assets/images/facebookCard.jpg
+twitterImageLink: /assets/images/twitterCard.jpg
 title: NetSPI SQL Injection Wiki

attackQueries/dataExfiltration/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Exfiltrating data through SQL Injection allows easier data analysis, as well as an offline copy of any compromised data.
+keywords: data exfiltration, exfiltration, breach
+Title:  Data Exfiltration | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

attackQueries/dataTargeting/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Being able to properly target and identify sensitive information can exponentially decrease time spent in a database.
+title: Data Targeting | NetSPI SQL Injection Wiki 
+keywords: data targeting, sql injection data, breach data
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

attackQueries/executingOSCommands/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Running OS commands is one of the primary objectives of SQL injection, this aids in getting full control of the host OS.
+keywords: os command, operating system command, command injection
+title: OS Commands | NetSPI SQL Injection Wiki 
 tabs:
   - title: MySQL
     shortName: mysql

attackQueries/index.html

@@ -1,5 +1,8 @@
 ---
 layout: default
+description: After verifying a SQL injection, all of these methods can be used to further exploit the database.
+title: Attack Queries | NetSPI SQL Injection Wiki
+keywords: attack queries
 ---
 <h3 id="sql-injection-detection">Attack Queries</h3>
 <p class="readableText">Once the injectable parameters and DBMS type are identified we need to attack the database.  Below you will find various section to aid you in escalating privileges, exfiltrating data, and more.</p>

attackQueries/informationGathering/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: It is often valuable to gather information about any testing environment; version numbers, user accounts, and databases all help in escalating vulnerabilities.
+keywords: information gathering, information, data, gathering
+title: Information Gathering | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

attackQueries/lateralMovement/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Lateral movement allows a tester to gain access to different sets of functionality/data that don't explicitly require a more privileged user.
+title: Lateral Movement | NetSPI SQL Injection Wiki
+keywords: privilege escalation, lateral, movement, lateral movement, privilege
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

attackQueries/parameterManipulation/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Manipulating parameters aids in bypassing Web Application Firewalls, Anti-Virus scanners, and allows obfuscation of the injection string.
+keywords: parameter manipulation, obfuscation, waf, web application firewall
+title: Parameter Manipulation | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

attackQueries/parameterManipulation/mysql.html

@@ -1,6 +1,6 @@
 <h3 id="parameter-manipulation">Parameter Manipulation</h3>
 
-<p class="injectionDescription">Manipulating parameters aids in bypassing Web Application Firewalls, Anti-Virus scanners, and allows modification of various SQL queries for unique situations.</p>
+<p class="injectionDescription">{{site.data.injectionDescriptions.parameterManipulation}}</p>
 
 <table class="table table-striped table-hover">
     <thead>

attackQueries/parameterManipulation/oracle.html

@@ -1,6 +1,6 @@
 <h3 id="parameter-manipulation">Parameter Manipulation</h3>
 
-<p class="injectionDescription">Manipulating parameters aids in bypassing Web Application Firewalls, Anti-Virus scanners, and allows modification of various SQL queries for unique situations.</p>
+<p class="injectionDescription">{{site.data.injectionDescriptions.parameterManipulation}}</p>
 
 <table class="table table-striped table-hover">
     <thead>

attackQueries/parameterManipulation/sqlserver.html

@@ -1,6 +1,6 @@
 <h3 id="parameter-manipulation">Parameter Manipulation</h3>
 
-<p class="injectionDescription">Manipulating parameters aids in bypassing Web Application Firewalls, Anti-Virus scanners, and allows modification of various SQL queries for unique situations.</p>
+<p class="injectionDescription">{{site.data.injectionDescriptions.parameterManipulation}}</p>
 
 <table class="table table-striped table-hover">
     <thead>

attackQueries/persistence/index.html

@@ -1,5 +1,8 @@
 ---
 layout: tab
+description: Gaining persistence on a system creates a semi-permanent foothold in the network, allowing prolonged exploitation time.
+keywords: persistence, network, foothold
+title: Persistence | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql

attackQueries/privilegeEscalation/index.html

@@ -1,5 +1,8 @@
 ---
 layout: tab
+description: Certain functionalities require a privileged user and for escalating a vulnerability a privileged user is always the first step.
+keywords: privilege escalation, dba, dbo, admin, administrator
+title: Privilege Escalation | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql

attackQueries/readingAndWritingFiles/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Reading and writing to files aids in data gathering as well as data exfiltration.
+keywords: data gathering, reading and writing, reading, writing
+title: Reading and Writing Files | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

dbmsIdentification/index.html

@@ -1,7 +1,8 @@
 ---
 layout: tab
-
-
+description: Detecting what Database Management System (DBMS) is being used is critical in being able to further exploit an injection.
+keywords: dbms identification, what, database, what kind
+title: DBMS Identification | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql

detection.html

@@ -1,5 +1,8 @@
 ---
 layout: default
+description: SQL injections can be detected in a number of ways, use these methods to help you start your escalation path.
+keywords: sql injection detection, detection, blind sql injection, error based sql injection
+title: Detection | NetSPI SQL Injection Wiki 
 ---
 <h3 id="sql-injection-detection">SQL Injection Detection</h3>
 <p class="injectionDescription">{{site.data.injectionDescriptions.injectionDetection}}</p>

index.html

@@ -1,5 +1,7 @@
 ---
 layout: default
+description: A one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.
+title: NetSPI SQL Injection Wiki
 ---
 
 <h2 id="header">Welcome to the NetSPI SQL Injection Wiki!</h2>

injectionTechniques/conditionalStatements/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Conditional statements are beneficial for creating complex queries and aiding in Blind SQL Injection.
+title: Conditional Statements | NetSPI SQL Injection Wiki
+keywords: conditional statements, if, case, statement
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

injectionTechniques/index.html

@@ -1,5 +1,8 @@
 ---
 layout: default
+description: The following techniques will aid in gaining first exploitation of a new SQL Injection.
+keywords: techniques, how-to, obfuscation, placement, conditional statements
+title: Injection Techniques | NetSPI SQL Injection Wiki
 ---
 <h3 id="sql-injection-detection">Injection Techniques</h3>
 <p class="readableText">Below are a couple techniques to aid you in exploiting various SQL injections.</p>

injectionTechniques/injectionPlacement/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: SQL injection is always a hassle when it isn't apparent where the injection is taking place. Here are the most common places.
+keywords: injection placement, placement, where
+title: Injection Placement | SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

injectionTechniques/obfuscation/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Obfuscating SQL Injection queries aids in bypassing Web Application Firewalls (WAFs) and Intrusion Detection/Prevention Systems (IDS/IPS).
+keywords: waf, ids, ips, obfuscation, query, manipulation
+title: Obfuscation | NetSPI SQL Injection Wiki
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

injectionTypes/blindBased/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Blind SQL injection is one of the more advanced methods of injection. The Partial-Blind and Full-Blind methods are detailed below.
+title: Blind Based Injection | NetSPI SQL Injection Wiki
+keywords: blind, blind based, blind-based
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

injectionTypes/errorBased/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description:Error based SQL Injections are exploited through triggering errors in the database when invalid inputs are passed to it.
+title: Error Based Injection | NetSPI SQL Injection Wiki
+keywords: error based, error-based, error
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

injectionTypes/index.html

@@ -1,5 +1,8 @@
 ---
 layout: default
+description: These sections identify the main types of SQL Injection that can be found and how to exploit certain scenarios within those injection types.
+title: Injection Types | NetSPI SQL Injection Wiki
+keywords: error, union, blind, based
 ---
 <h3 id="sql-injection-detection">Injection Types</h3>
 <p class="readableText">The sections below identify the main types of injections that can be found and how to exploit certain scenarios within those injection types.</p>

injectionTypes/unionBased/index.html

@@ -1,8 +1,8 @@
 ---
 layout: tab
-
-
-
+description: Union based SQL Injection allows an attacker to extract information from the database by extending the results returned by the original query.
+title: Union Based Injection | NetSPI SQL Injection Wiki
+keywords: union, union based, union-based
 tabs:
   - title: MySQL
     shortName: mysql
@@ -13,4 +13,4 @@
   - title: SQL Server
     shortName: sqlserver
     fileName: sqlserver.html
----
+---

misc/contributors.html

@@ -1,5 +1,8 @@
 ---
 layout: default
+description: Huge amounts of thanks to all of our contributors!
+keywords: contributors
+title: Contributors | NetSPI SQL Injection Wiki
 ---
 <h3>Special thanks to our contributors:</h3>
 <ul>