How an attacker could get your database using SQL Injection vulnerability (real demo of a hacker attack)

Blog | 11 Apr 2014

In recent blog we have shown you how an attacker could gain administrator’s access via Cross Site Scripting (XSS) vulnerability. Now we want to show you how an attacker could abuse even more common and more dangerous vulnerability called SQL Injection. It’s main cause is similar – the developer does not sanitize inputs. But this time it’s about inputs getting passed directly to SQL query.

We will demonstrate a real hacker attack that leads to gaining all the data in the database, including credit card information stored in the web store.

Verwandte Blogs

How to order a pen test

Blog | 8 Feb 2018 | Martin Hanic

Although people working in the IT security industry may consider this question to be as trivial as "How to order a phone charger", for many, writing a purchase order for a penetration test can be like designing a nuclear power plant.

Anzeigen

Unofficial Patch Tuesday – MSMQ Privilege Escalation Vulnerability Hotfix

Blog | 18 Aug 2017 | Citadelo

This security patch resolves a public vulnerability in the Windows Message Queuing Service (MSMQ) discovered by KoreLogic

Anzeigen

We found vulnerability of CMS Made Simple

Blog | 6 Jul 2017 | Citadelo

CMS Made Simple is a free, open source CMS to provide developers, programmers and site owners a web-based development and administration area. In 2010 it won the Packt Publishing annual award for open source content management.

Anzeigen

ExtendedMacro – BurpSuite plugin

Blog | 4 May 2017 | Citadelo

BurpSuite Proxy is one of the most used HTTP proxy application for web penetration testers. This tool is one of the best in its category, but sometimes we encounter a situation requiring additional functionality which is not provided by Burp itself.

Anzeigen