From the course: Offensive Penetration Testing

Unlock this course with a free trial

Join today to access over 24,200 courses taught by industry experts.

SQL injections

SQL injections

SQL injections. Learning objectives are to understand how to identify SQL injection vulnerabilities and demonstrate how to manually exploit injections. So SQL, Structured Query Language in relational databases. Databases are everywhere in web applications. If you've ever been shopping for something on Amazon and there's a price and there's an item, there's probably an underlying database for that. If you've ever signed up for a forum, you know, if you sign up for PWK, you have access to the offensive security forum and you have a username and password and you interact with other users in that forum, there's probably an underlying database there that's storing that information. And because there's so many databases out there in web applications, that the -- a SQL injection attack has been around for a very, very long time. A SQL injection is basically being able to inject our own SQL statements -- raw SQL statements into forms or the URL itself, and that allows us to query the…

Contents