Difference between revisions of "SQL Injection Examples on Known Vulnerable Web Applications"

Summary

This is a documentation of various SQL Injection attacks performed on well-known and also not so popular vulnerable web applications. DRAFT

Requirements

• Operating system:

Methodology

Each example contains a link to the vulnerable web application or to a tutorial how to set it up, unless it is a vulnerable website that is just accessed online. Web applications used:

• BWAPP
• DVWA
• OWASP Juice Shop
• OWASP Mutillidae
• Badstore
• Zero Bank
• Hackxor
• Acuart
• ...

Each web application is listed below in separate chapters, providing some examples of the SQLi. This Wiki also offers a brief overview over the general types of SQL injection, another somewhat different overview can also be found here: SQL Injection.

Overview - Types of SQL injection

In-band SQLi (Classic SQLi)

In-band SQL Injection is the most common and easy-to-exploit of SQL Injection attacks. In-band SQL Injection occurs when an attacker is able to use the same communication channel to both launch the attack and gather results 1.

DVWA

Acuart

This is a web application created by Acunetix as a test and demonstration site for Acunetix Web Vulnerability Scanner.

Used Hardware

Device to be used with this documentation Maybe another device to be used with this documentation

References

• https://www.acunetix.com/websitesecurity/sql-injection2/