Discovering SQL Injection Vulnerabilities

Oct. 8, 2017 1 comment ADMIN Magazine Pen Testing & Audits

Within a couple of hours, an experienced Internet attack specialist can bring your server infrastructure to its knees. In many cases, the barn door through which the attackers gain entry is a classic bug in a web application: an SQL injection vulnerability. SQL injection, which has been known for around 12 years, is still one of the hacker’s most popular tools. This article presents real-life examples of SQL injection attack vectors, explains how carelessness can cause them, and shows how far-reaching the impact can be. I will start by demonstrating these SQL attack techniques manually, then I'll show how to use the SQLmap tool to look for vulnerable code.

Typical Attack Vectors

One feature that nearly all web applications have in common is the connection to one or multiple databases. Whether it is used for retrieving email, shopping on the web, or reading news, there will always be at least one database back end. And, no matter which programming language the web application was wr...

ariadnalunguco 7 months, 1 week ago

Such a great insight from the perspective of a hacker! Good approach and logical way of putting things together!