Section 6: Detecting and Exploiting SQL Injection Vulnerabilities
6.1 SQL Injection Vulnerability
SQL injection vulnerabilities are one of the most dangerous issues that can affect a Web application. In this section, you will learn what it is, how it works, and see the difference between SQLi and Blind SQLi.
Learn what is SQL injection
Know how it works
Know how it works
See the difference between SQLi and Blind SQLi.
Link:
Watch Video
Watch Video
6.2 Detecting SQL Injection Issues
SQL injection is one of the most dangerous vulnerabilities in a web application. In this video, you will learn what the methods available for detecting it are, and then we will automate the process in Python.
Review the different methods to detect SQLi
Automate the detection of SQLI with Python
Add more detection capabilities to the script.
Link:
Watch Video
Watch Video
6.3 Exploiting a SQL Injection to Extract Data
This video will focus on what an attacker can do after they find a valid SQLi. We will review the options and automate some of them in our script.
Review the data that can be extracted
Automate the basic data and table discovery in our script
Automate the basic data and table discovery in our script
Obtain the user and password hashes from the DB.
Link:
Watch Video
Watch Video
6.4 Advanced SQLi Exploiting
When exploiting SQLi, one the most important parts is to identify the names of the tables in the DB in order to find interesting data. Another important option is reading OS files as we can obtain more passwords and get the source code of the app to find other vulnerabilities.
First, add the capability to read all the table names in the DB
Then, add a file-reading capability to our script
In the final step, we will run the script and note the results of the new functions.
Link:
Watch Video
Watch Video
Click Here for Section 7
0 Comments