[ Certified Ethical Hacker v10 ] :: [ Module 11 ] :: SQL Injection

This entry is part 13 of 21 in the series [ Certified Ethical Hacker Training ]

SQL injection

Cheat sheet:
https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet/

OWASP guide:
https://www.owasp.org/index.php/SQL_Injection

Dumping a complete database:
http://resources.infosecinstitute.com/dumping-a-database-using-sql-injection/

Exercises

1. Log in to your root-me.org account, click Challenges, then click Web Server. This will take you here:
https://www.root-me.org/en/Challenges/Web-Server/.

Start with “SQL Injection – Authentication”. Note all the other SQL Injection challenges. Can you beat them all?

2. In either Metasploitable2 or your own installation, go to DVWA, find Vulnerability – SQL Injection, and dump all user names. See this guide if you need help:
https://pentestlab.blog/tag/metasploitable-2/page/6/

 
