Skip to main content
Secure The Throne

SQl-Injection

·177 words·1 min·
Ethical Hacking Information Hacking Server Web
Emp5r0R
Author
Emp5r0R
Lead By Curiosity
Tryhackme Streamline Icon: https://streamlinehq.comTryHackMe

  • Very common vulnerability in web applications is a SQL Injection vulnerability. Similarly to a Command Injection vulnerability, this vulnerability may occur when the web application executes a SQL query, including a value taken from user-supplied input.

  • For example, in the database section, we saw an example of how a web application would use user-input to search within a certain table, with the following line of code:

$query = "select * from users where name like '%$searchInput%'";

  • If the user input is not properly filtered and validated (as is the case with Command Injections), we may execute another SQL query alongside this query, which may eventually allow us to take control over the database and its hosting server.

  • For example, the same previous College Management System 1.2 suffers from a SQL injection vulnerability, in which we can execute another SQL query that always returns true, meaning we successfully authenticated, which allows us to log in to the application. We can use the same vulnerability to retrieve data from the database or even gain control over the hosting server.

Related

Non-relational (NoSQL)
·357 words·2 mins
Ethical Hacking Information Database Web Info
Perfection Walkthrough(Hack The Box)
·722 words·4 mins
Easy Linux Hack the Box Hacking Walkthrough Web
Caption Walkthrough(Hack The Box)
·1224 words·6 mins
Hard Linux Hack the Box Hacking Walkthrough Web