As you already familiar with the subject SQL injections from the previous article part 1, we will quickly dive into exploitation with SQLi. Login to your bWAPP and select vulnerability SQL Injection (Login Form/Hero). As stated in previous post, we need to do some manual analysis to know the functionality and it’s implementation. Try to login with your some random text (test, test). Now let’s do some dynamic analysis by reviewing source code of the functionality.
Though there are many vulnerabilities, SQL injection (SQLi) has it’s own significance. This is the most prevalent and most dangerous of web application vulnerabilities. Having this SQLi vulnerability in the application, an attacker may cause severe damage such as bypassing logins, retrieving sensitive information, modifying, deleting data. Sometimes this costs life when it comes to Healthcare, Banking domains. Okay introduction apart, the objective of this article is to exploit and read some sensitive data from the database. If you don’t know what exactly is this SQLi then read my other article which may throw some light. I am splitting the subject into two parts, having everything in one might throw you out of interest.
What is Server side include
Before knowing what exactly it is, I would ask you a simple question. Let’s assume that you need to develop an application of 100 pages with dynamic content. And each page must have a Header, Footer, Logo. What would be your answer? How much time does it take to add header and footer in all the pages?
Compared with other types of HTML injections, this would be quite interesting. We can easily trick others with this injection. You can create duplicate login screen, you may inject the code to trick users to click on it. Basically, this HTML stored injection will be stored in the database and retrieved later as per the need.
From the previous article we came to know how to find and exploit HTML injection with HTTP verb ‘GET‘. Now we will inject with method ‘POST‘. Pass some values in first name and last name and click on ‘Go’. There’s no much difference in the exploits but notice the URL here, there are no parameters being passed in URL. Whereas in GET method we could see parameters with values in the URL. You can try the examples shown in article HTML Injection with GET.
What is HTML injection?
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more. But most of the organizations are in a notion that security is a service providers job. Yea, I do agree but at the same time we are also responsible to ensure the security of the application which we put on cloud. Conducting Penetration Testing on your own application on Cloud should be done meticulously. Continue reading
I just wanted to give you an overview how one can be a Penetration Tester. I’m not gonna talk about career opportunities here since I do believe that a security enthusiast will always be passionate about information security, having a sense of how networks works and systems works. So, this article will shed some light for Quality Assurance, Test Automation engineers, enthusiasts who have a dream to start their journey to becoming a Penetration Tester.
Penetration Testing is a practice of testing a system, network, or Web application to find out the vulnerabilities where an attacker could exploit or sift through a loop hole in the system. Most of the organizations hire penetration testers to be a part their internal security teams, where they can test products or systems for exploitable security flaws and assure security.
Often people ask me how to start with. I know, this is the hardest of all as it is quite tricky to find the source to kick off from the basics. Although there exists tons of books and other sources which will teach you how to perform penetration testing, web application testing. I will start with few cornerstones and essential skills required. I know it would be bit uncertain when you start reading but to set realistic expectations of what one would expect from a security analyst to my solitary view. Don’t be discouraged if you don’t have all the essential skills which I’ve listed here but rather pop the hood by learning them. Continue reading
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives basic information about SQL injections, but still I hope it’s informative which might helps you. SQL injection is a basic technique where hacker might use to take over unauthorized access of the database or maybe to enumerate the data from the database. People might think, it’s an issue with the database configuration. Yea you’re partly right.