SQL Injection (SQLi) vulnerabilities are the most common injection flaws found in web applications today, ranking number one in the OWASP Top 10 most critical web application security risks. When an attacker is able to find and exploit such a vulnerability, the end result is often disastrous: a complete database dump, an application backdoor, or even remote code execution. Suffice it to say that penetration testers need to find these vulnerabilities before the bad guys do.
But vulnerability scanners and automated exploitation tools like sqlmap can only do so much when it comes to finding and exploiting SQLi vulnerabilities. While they do a good job on regular or error-based SQLi vulnerabilities, their success rate drops drastically when blind SQLi is encountered, especially when time-based attacks are required. And if you need to be quiet on the network, most tools are just insanely noisy…
This course is designed to help penetration testers who have been using these tools get to the next level, where finding and exploiting SQLi is no longer easy. When only a browser and a notepad are available to you, or when being quiet is critical, you will be glad you know this material.
1) SQL crash course for hackers
2) Error-based SQL Injection
- Bypassing login (demo)
- UNION exploitation techniques (exercise)
3) Blind SQL Injection
- Splitting and Balancing
- Boolean exploitation techniques (exercise)
- Time-based exploitation techniques (exercise)
4) Using tools
- Exploiting error-based and blind SQLi using sqlmap (exercise)