Thursday, 9 July 2020

SQL Injection

Protecting Cookies

Protecting Cookies: Since cookies are an integral part of web applications, it is important to understand the methods that can be used to secure them properly. While the developer of an application is ultimately the only person who can make changes to secure cookies in most cases, it is important to understand what they can do. Earlier in Articles …

Databases and Technology

Databases & Technology: One key reason why computers are installed is for their ability to store, access, and modify data. The primary tool for data management is the database. Databases have become increasingly sophisticated, and their capabilities have grown dramatically over the last 10 years. This growth has created opportunities to view data in new ways; it has also created …

Operating System Command Injection Vulnerabilities

O/S Command Injection Vulnerabilities: Another attack vector in the injection category is operating system command injection. This occurs when a hacker is able to dictate what system-level commands (commonly bash in Linux or cmd.exe in Windows) are run on the web server. In most cases, a hacker will append a malicious system command to an existing command …

SQL: Bypassing Authentication

We can now construct a valid SQL statement that will execute gracefully and retrieve information that we have no rights to retrieve. Bypassing Authentication: We know we are dealing with a string column because of the quotes being applied to our input, so we can use either the 1=1 or 'a'='a clause introduced in previous articles. Here is …

SQL INJECTION ATTACKS: Finding the Vulnerability

SQL Injection Attacks: Now that we have the basics of SQL injection down, let’s use our DVWA environment to try it out on a vulnerable page. We have a couple of goals for this section: crash the application to prove that our input dictates the application's behavior; retrieve usernames from the database for a targeted attack to bypass authentication; extract …

The SQL Interpreter

SQL Interpreter: One of the main aspects of this vulnerability that you must understand is that it leverages an SQL interpreter. An interpreter takes input and acts on it immediately without having to go through traditional programming processes such as linking, compiling, debugging, and running. For example, an SQL interpreter plays a key part when you search a new pair …

SQL for Hackers: Learn How Useful SQL

SQL for Hackers: Learn How Useful SQL: As an attacker, it is critical to gain an understanding of how this query is constructed and exactly which parts of the query you are in control of. The query is broken out into three distinct parts. SELECT * FROM shoes WHERE shoeName=' This chunk of code is prewritten by a human …
