Client-side injections

Client-side injections are merely local data injections that can lead to unauthorized access to data within the device. These include SQL injection and UIWebView injections. Let's look at how they can be exploited.

SQL injection

In this section, we will go ahead and exploit the local SQL injection vulnerability in the iGoat app. Open the app, navigate to Categories, click on Injection Flaws, and then click on Start Exercise. You should be able to view the search bar to read articles, as shown in the following screenshot:

[Screenshot: SQL injection]

If you search for "a" in the search bar, you will be able to see only the free articles, as shown in the following ...
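The search behaviour described above, as an added example (not code from iGoat or from the book): a local SQLite article search built by string concatenation next to the same search with a bound parameter. The table name, columns, sample rows and function names are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the app's local article store (schema is assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE article (title TEXT, premium INTEGER)")
    db.executemany("INSERT INTO article VALUES (?, ?)", [
        ("Safe at any speed", 0),
        ("Reader's guide", 0),
        ("Members-only analysis", 1),
    ])
    return db

def search_concat(db, term):
    """Vulnerable pattern: user text is spliced into the SQL string."""
    sql = ("SELECT title FROM article WHERE premium = 0 "
           "AND title LIKE '%" + term + "%' ORDER BY title")
    return [r[0] for r in db.execute(sql)]

def search_bound(db, term):
    """Hardened pattern: the term is bound as data; LIKE wildcards are escaped."""
    esc = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = ("SELECT title FROM article WHERE premium = 0 "
           "AND title LIKE ? ESCAPE '\\' ORDER BY title")
    return [r[0] for r in db.execute(sql, ("%" + esc + "%",))]

def quote_changes_query(db, term):
    """True if the concatenated query no longer parses with this input,
    i.e. the input reached the SQL parser as syntax rather than as data."""
    try:
        search_concat(db, term)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    print(search_concat(db, "a"))               # free articles only
    print(quote_changes_query(db, "Reader's"))  # a plain apostrophe breaks the query
    print(search_bound(db, "Reader's"))         # bound form treats it as text
```

A search term containing an ordinary apostrophe is a quick review check: if it produces a SQL error instead of a result list, the query is being assembled from user input.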
