Difference between revisions of "SQL Injection Examples on Known Vulnerable Web Applications"
Revision as of 10:52, 5 January 2022
Summary
This page documents various SQL injection attacks performed on well-known and lesser-known vulnerable web applications. DRAFT
Requirements
- Operating system:
Methodology
Each example contains a link to the vulnerable web application or to a tutorial on how to set it up, unless it is a vulnerable website that is simply accessed online. Web applications used:
- BWAPP
- DVWA
- OWASP Juice Shop
- OWASP Mutillidae
- Badstore
- Zero Bank
- Hackxor
- Acuart
- ...
Each web application is covered below in its own chapter, with some examples of SQLi. This wiki also offers a brief overview of the general types of SQL injection; another, somewhat different overview can be found here: SQL Injection.
Overview - Types of SQL injection
In-band SQLi (Classic SQLi)
In-band SQL injection is the most common and easiest-to-exploit type of SQL injection attack. It occurs when an attacker is able to use the same communication channel to both launch the attack and gather results [1] (https://www.acunetix.com/websitesecurity/sql-injection2/).
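An added example, not part of the original wiki page: a constructed SQLite table is queried once by string concatenation and once with a bound parameter, showing why the flaw is in-band (the extra rows come back in the same response that answers the request). The table, function names and sample input are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table; names and rows are made up for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users (name, secret) VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("carol", "c-secret")],
    )
    return db

def lookup_vulnerable(db, name):
    """Concatenates input into the SQL text, so a quote in `name` rewrites the query."""
    query = "SELECT name, secret FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, name):
    """Binds input as a value; the SQL text stays fixed whatever `name` contains."""
    return db.execute(
        "SELECT name, secret FROM users WHERE name = ?", (name,)
    ).fetchall()

def render_response(rows):
    """Stand-in for the page sent back to the client: this is the in-band channel."""
    return "\n".join(f"{n}: {s}" for n, s in rows) or "no such user"

# Constructed sample input containing a quote and a condition that is always true.
CONSTRUCTED_INPUT = "alice' OR '1'='1"

def demo():
    """Return both responses to the same input so they can be compared."""
    db = make_db()
    return {
        "vulnerable": render_response(lookup_vulnerable(db, CONSTRUCTED_INPUT)),
        "parameterized": render_response(lookup_parameterized(db, CONSTRUCTED_INPUT)),
    }

if __name__ == "__main__":
    for label, body in demo().items():
        print(f"--- {label} ---\n{body}")
```

With the concatenated query the response lists every row of the table; with the bound parameter the same input is compared as a literal name and the response is "no such user".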
DVWA
Acuart
This is a web application created by Acunetix as a test and demonstration site for Acunetix Web Vulnerability Scanner.
Used Hardware
- Device to be used with this documentation
- Maybe another device to be used with this documentation