From the course: Offensive Penetration Testing
Join today to access over 24,200 courses taught by industry experts.
SQL injections
From the course: Offensive Penetration Testing
SQL injections
SQL injections. Learning objectives are to understand how to identify SQL injection vulnerabilities and demonstrate how to manually exploit injections. So SQL, Structured Query Language in relational databases. Databases are everywhere in web applications. If you've ever been shopping for something on Amazon and there's a price and there's an item, there's probably an underlying database for that. If you've ever signed up for a forum, you know, if you sign up for PWK, you have access to the offensive security forum and you have a username and password and you interact with other users in that forum, there's probably an underlying database there that's storing that information. And because there's so many databases out there in web applications, that the -- a SQL injection attack has been around for a very, very long time. A SQL injection is basically being able to inject our own SQL statements -- raw SQL statements into forms or the URL itself, and that allows us to query the…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
Web application enumeration14m 58s
-
(Locked)
Using intercepting proxies: Part 18m 14s
-
(Locked)
Using intercepting proxies: Part 29m 37s
-
(Locked)
SQL injections11m 33s
-
(Locked)
SQL injection authentication bypass5m 55s
-
(Locked)
Cross-Site Scripting (XSS)10m 16s
-
(Locked)
BeEF demo6m 18s
-
(Locked)
File inclusion vulnerabilities8m 53s
-
(Locked)
File inclusion demo5m 25s
-
(Locked)
File upload vulnerabilities5m 47s
-
(Locked)
XXE attacks11m 30s
-
(Locked)
Content management systems8m 38s
-
(Locked)
Content management systems demo8m 24s
-
(Locked)
Web application lab33s
-
(Locked)
Web application lab walkthrough18m 18s
-
-
-
-
-
-
-
-