O'Reilly logo

SQL Injection Attacks and Defense, 2nd Edition by Justin Clarke-Salt

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 4

Exploiting SQL injection

Alberto Revelli

Solutions in this chapter:

• Understanding Common Exploit Techniques

• Identifying the Database

• Extracting Data Through UNION Statements

• Using Conditional Statements

• Enumerating the Database Schema

• Injecting into “INSERT” Queries

• Escalating Privileges

• Stealing the Password Hashes

• Out-of-Band Communication

• SQL Injection on Mobile Devices

• Automating SQL Injection Exploitation

Introduction

Once you have found and confirmed that you have an SQL injection point, what do you do with it? You may know you can interact with the database, but you don’t know what the back-end database is, or anything about the query you are injecting into, or the table(s) it is accessing. Again, ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required