Things to consider

Once SQL injection is possible, the user controls the execution flow.

  • Extract, insert, update, or delete data, drop tables, etc.

SQL injection can be leveraged for other attacks.

  • Injecting a payload that will exploit other vulnerabilities in a different system.

    • XSS, XXE, Buffer Overflow, LFI, RCE, etc.

Different DBMS have obscure features.

  • Variables and specific reserved words: @@version.

  • Execute commands: EXEC.

Many DBMS allow file IO!

  • SELECT "" INTO OUTFILE "/var/www/s.php"

  • SELECT LOAD_FILE("/etc/passwd")
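From the defender's side, the DBMS features listed above are rare in ordinary application queries, so their appearance in a query log is a useful signal. The following is an added example, not part of the original page: a small log scanner whose rule names, function names and sample log lines are all constructed for illustration.

```python
import re

# Quoted string literals ('' / "" doubling and backslash escapes). Their contents
# are data, so they are blanked before matching to avoid flagging stored text.
LITERAL = re.compile(r"'(?:[^'\\]|\\.|'')*'" + "|" + r'"(?:[^"\\]|\\.|"")*"', re.S)

# One rule per feature named on this page (rule names are hypothetical).
RULES = {
    "version_variable": re.compile(r"@@version\b", re.I),
    "command_exec": re.compile(r"\bEXEC\b", re.I),
    "file_write": re.compile(r"\bINTO\s+OUTFILE\b", re.I),
    "file_read": re.compile(r"\bLOAD_FILE\s*\(", re.I),
}


def flag(query):
    """Return the names of the rules that match outside string literals."""
    code_only = LITERAL.sub("''", query)
    return [name for name, rx in RULES.items() if rx.search(code_only)]


def scan(lines):
    """Map 1-based line number -> rule hits, for flagged lines only."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := flag(line))}


# Constructed sample of statements as a DBMS query log might record them.
SAMPLE_LOG = [
    "SELECT name FROM products WHERE id = 7",
    "SELECT name FROM products WHERE id = 7 UNION SELECT @@version",
    "SELECT '' INTO OUTFILE '/var/www/s.php'",
    "SELECT LOAD_FILE('/etc/passwd')",
    # Keywords appear only inside a string value: must not be flagged.
    "SELECT id FROM notes WHERE body = 'how does load_file( work? into outfile'",
    "EXEC report_proc",  # hypothetical procedure name
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG).items():
        print(f"line {n}: {', '.join(hits)} :: {SAMPLE_LOG[n - 1]}")
```

In MySQL, `INTO OUTFILE` and `LOAD_FILE` require the `FILE` privilege and are constrained by `secure_file_priv`, so an application account that does not hold `FILE` cannot use either feature even when injection succeeds.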
