  • How to test MySQL injection


    A SQL injection attack can give access to sensitive data in the database. The attacker can insert, update and delete data, and execute administration operations.


    Authentication forms: when a user submits credentials through a web form, chances are that those credentials are checked against the database.

    Search engines: the string entered and submitted by the user is used in a SQL query that extracts records from the database.

    E-commerce sites: the products are stored in a database. The tester has to maintain a list of all input values used in SQL queries that extract the relevant records from the database.

    First test: add a single quote (') or a semicolon (;) to the field or parameter under test. The first is used in SQL as a string terminator and if not filtered by the application.

    Second test: the semicolon is used to end a SQL statement and if it is not filtered.

    If user enter
    If the parameters are sent to the server through the GET method, we notice that the system has authenticated the user without knowing the name and password, because the query's condition returns a true value (OR 1=1).

    Fingerprinting The Database

    When moving on to advanced SQL injection exploitation, the tester needs to know the backend.
    Backend Error

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
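The tests described above, run against a login query built by string concatenation and against its parameterized form, as an added example that is not part of the original post. It assumes an in-memory SQLite database standing in for MySQL (so the error text differs from the message above); the table, the sample row, the function names and the test inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # In-memory SQLite stands in for the MySQL backend (assumption of this example).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret')")  # constructed row
    return db

def login_concatenated(db, name, password):
    # Vulnerable: user input becomes part of the SQL text itself.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, name, password):
    # Hardened: input is bound as data and never parsed as SQL.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

def probe(login, db, value):
    """Send `value` as the user name and record what a tester would observe."""
    try:
        return "authenticated" if login(db, value, "wrong-password") else "rejected"
    except sqlite3.Error:
        return "sql error"  # the backend's syntax error reached the caller

# Constructed test inputs: the single quote and the always-true condition.
TEST_VALUES = ["'", "' OR 1=1 --"]

def run_tests():
    db = make_db()
    return {(fn.__name__, v): probe(fn, db, v)
            for fn in (login_concatenated, login_parameterized)
            for v in TEST_VALUES}

if __name__ == "__main__":
    for (fn, value), outcome in run_tests().items():
        print(f"{fn:22} {value!r:16} -> {outcome}")
```

Any outcome other than "rejected" for these inputs means the field reaches the SQL parser unfiltered; the parameterized query rejects both.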
