From the course: Ethical Hacking: Hacking Web Servers and Web Applications
Testing for SQL injections
- Some web applications request data in their forms and use this to populate a search query for a backend SQL database. This opens up the opportunity for malicious data to be entered. If the web application doesn't check for this, it may be exposed to what is known as an SQL injection. By crafting packets in a special way, an attacker can obtain a great deal of information from the database. WebGoat has a series of SQL injection lessons. Let's take a look at a couple of them. Okay, that's loaded. So I'll use Iceweasel to connect. And our login is guest. Okay, on the left halfway down, we can see the exercises for injection flaws. I'll click on that. This expands to provide a dozen or so injection exercises. Let's pick the blind string SQL injection. This exercise presents a form which we can use to check account numbers. I'll click on go. The message continues to indicate the account number is valid. Let's…
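As an added illustration of the flaw the lesson describes (example code written here, not code from the course or from WebGoat), the constructed account-number lookup below places the string-concatenated query beside its parameterized form; the table contents, function names and the digit-only pre-check are assumptions.

```python
import re
import sqlite3


def make_db():
    """Build a constructed in-memory table standing in for the lesson's accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (account_number TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("101", "alice"), ("102", "bob")],  # constructed sample rows
    )
    return conn


def account_valid_concat(conn, account_number):
    """Vulnerable form: the form value is pasted straight into the SQL text.

    Whatever the user types becomes part of the statement, so the single
    yes/no answer ("valid" or not) leaks whatever condition they append.
    """
    sql = f"SELECT count(*) FROM accounts WHERE account_number = '{account_number}'"
    return conn.execute(sql).fetchone()[0] > 0


def account_valid_param(conn, account_number):
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT count(*) FROM accounts WHERE account_number = ?"
    return conn.execute(sql, (account_number,)).fetchone()[0] > 0


def looks_like_account_number(value):
    """Defence in depth (assumed policy): account numbers are digits only."""
    return re.fullmatch(r"\d+", value) is not None


if __name__ == "__main__":
    conn = make_db()
    for value in ("101", "999", "101' AND substr(owner,1,1)='a"):
        print(repr(value),
              "concat:", account_valid_concat(conn, value),
              "param:", account_valid_param(conn, value),
              "well-formed:", looks_like_account_number(value))
```

Running it shows the concatenated version answering "valid" for a value that is not an account number at all, while the parameterized version treats the same text as a literal that matches nothing.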