
SANS ISC: Examples of data returned via successful SQL injection - Internet Security | DShield SANS ISC InfoSec Forums


Examples of data returned via successful SQL injection
Hello Guy,

I suggest you learn 'from both sides'. Install DVWA ("Damn Vulnerable Web App" - dvwa.co.uk/) and try to find/abuse the SQL injections present in the application. At the same time, capture the traffic with tcpdump, then replay it or analyze it to discover the network patterns...

/x
Xme

264 Posts
ISC Handler
If you're a 504 alumnus, there's a lab for SQL injection that you can re-do. There are some easter eggs in that lab - applying some of the lecture techniques beyond the lab will let you find even more stuff.

Juice

12 Posts
SQL injection happens when you interpolate some content into a SQL query string, and the result modifies the syntax of your query in ways you didn't intend.

It doesn't have to be malicious; it can be an accident. But accidental SQL injection is more likely to result in an error than in a vulnerability.

The harmful content doesn't have to come from a user; it could be content that your application gets from any source, or even generates itself in code.

How does it cause vulnerabilities?

It can lead to vulnerabilities because attackers can send values to an application that they know will be interpolated into a SQL string. By being very clever, they can manipulate the result of queries, reading data or even changing data that they shouldn't be allowed to.

For examples, you could visit here:
http://unixwiz.net/techtips/sql-injection.html

Ajit Khodke
https://www.webhosting.uk.com/
AjitKhodke

1 Posts
