Ethical Hacking - Web Penetration Testing (8)

SQL INJECTION

WHAT IS SQL?

  • Most websites use a database to store data.
  • Most data is stored in it (usernames, passwords, etc.).
  • The web application reads, updates and inserts data in the database.
  • Interaction with the DB is done using SQL.


WHY ARE THEY SO DANGEROUS

1. They are everywhere.

2. Give access to the database –> sensitive data.

3. Can be used to read local files outside www root.

4. Can be used to log in as admin and further exploit the system.

5. Can be used to upload files.


DISCOVERING SQLi in POST

  • Try to break the page.
  • Use 'and', 'order by' or a single quote (').
  • Test the text boxes on the form and the URL parameters.

        http://target.com/page.php?something=something

Pre-configuration of Metasploitable2.

The page returns a very useful error message.

So let's modify the input in the password box. We can now log in with a wrong password.

Bypassing Authentication.
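
The error message and the login bypass both come from a login query built by pasting form input into the SQL text. The following is an added example, not code from the original post: it uses Python's sqlite3 with a constructed accounts table as a stand-in for the lab database (table, usernames and passwords are assumptions) and puts that pattern beside a parameterized query, using the single-quote probe from the list above.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the lab's accounts table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    # Plaintext passwords only mirror the lab setup; real apps store salted hashes.
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("admin", "adminpass"), ("pat", "o'hara-2020")])
    return db

def login_concat(db, username, password):
    """Vulnerable pattern: form input is pasted into the SQL text."""
    query = ("SELECT username FROM accounts WHERE username='" + username +
             "' AND password='" + password + "'")
    try:
        return db.execute(query).fetchone() is not None, None
    except sqlite3.Error as exc:
        # Echoing the driver error and the query back to the page is the
        # "very useful error message": it confirms input reaches the SQL parser.
        return False, f"{exc} | query: {query}"

def login_param(db, username, password):
    """Hardened pattern: placeholders keep input as data, never as SQL."""
    query = "SELECT username FROM accounts WHERE username=? AND password=?"
    try:
        return db.execute(query, (username, password)).fetchone() is not None, None
    except sqlite3.Error:
        # Details belong in the server log, not in the HTTP response.
        return False, "login failed"

if __name__ == "__main__":
    db = make_db()
    probes = [("admin", "adminpass"), ("admin", "'"), ("pat", "o'hara-2020")]
    for fn in (login_concat, login_param):
        for user, pw in probes:
            print(fn.__name__, repr(pw), "->", fn(db, user, pw))
```

With the concatenated query, a lone quote changes the statement's structure and the database error is echoed back; with placeholders the same input is just a wrong password, and a legitimate password containing an apostrophe still works.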


Origin www.cnblogs.com/keepmoving1113/p/12287569.html