How to Attack Web Applications with Burp Suite & SQL Injection

Web applications are becoming more and more popular, replacing traditional desktop programs at an accelerated rate. With all these new apps out on the web come various security implications associated with being connected to the internet, where anyone can poke and prod at them. One of the simplest, yet most prevalent, types of security flaws found in modern web apps is SQL injection.


A typical web app doesn't actually store any information in the app itself; instead, it communicates with a backend database where the data is stored. These requests are handled by SQL queries: the application passes a statement to the database, which returns the requested data to the application.


What Is SQL Injection?


SQL injection is a technique used to attack applications that rely on a database by sending malicious input with the intention of accessing or modifying restricted information in the database. There are many reasons why this vulnerability exists, including improper input filtering and sanitization.


This type of attack allows one to retrieve sensitive information, modify existing data, or even destroy entire databases. The most common attack vector for SQL injection is through input fields — login forms, search forms, text boxes, and file upload functions are all excellent candidates for exploitation.
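The two paragraphs above describe the root cause (user input becoming part of the SQL statement) and the most common vector (a login form). The following is an added example, not code from the original article or from Mutillidae: a login check written the vulnerable way, by string concatenation, beside the same check written with a parameterized query. It assumes an in-memory SQLite database with a constructed `users` table; the function names `login_vulnerable` and `login_safe` and the sample rows are hypothetical.

```python
import sqlite3


def build_db():
    """Constructed sample backend: an in-memory SQLite database standing in
    for the web app's real database. Plaintext passwords are used only to
    keep the example short; a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The flaw the article describes: the form fields are pasted straight
    into the statement, so a quote in the input ends the string literal and
    the rest of the input is parsed as SQL."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Hardened form: the SQL text is fixed and the inputs are bound as
    parameters, so the database driver treats them purely as data. A quote
    in the password is compared against the stored value, never parsed."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = build_db()
    # Constructed login attempt with a tampered password field.
    tampered = "' OR '1'='1"
    print("vulnerable:", login_vulnerable(db, "nobody", tampered))  # alice
    print("safe:      ", login_safe(db, "nobody", tampered))        # None
```

In the vulnerable version the tampered password field turns the WHERE clause into `username = 'nobody' AND password = '' OR '1'='1'`, which is true for every row, so the first user is "logged in" without credentials. The parameterized version runs the identical query text with the same input and simply finds no matching row; the fix is not filtering the input but keeping it out of the statement's structure.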






In this guide, our target will be Mutillidae, an intentionally vulnerable web app included as part of Metasploitable 2, an intentionally vulnerable Linux virtual machine (VM) designed for te ..
