How an attacker could get your database using an SQL Injection vulnerability (real demo of a hacker attack)

In a recent blog post we showed how an attacker could gain administrator access via a Cross-Site Scripting (XSS) vulnerability. Now we want to show how an attacker could abuse an even more common and more dangerous vulnerability called SQL Injection. Its main cause is similar: the developer does not sanitize inputs. This time, however, the inputs are passed directly into an SQL query.

We will demonstrate a real hacker attack that ends with the attacker obtaining all the data in the database, including credit card information stored in the web store.
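The root cause described above, input passed directly into an SQL query, is shown here next to its fix as an added example that is not code from the original post. The `products` table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3


def make_store():
    """Build a constructed in-memory web-store database (sample data only)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)"
    )
    db.executemany(
        "INSERT INTO products (name, hidden) VALUES (?, ?)",
        [("pen", 0), ("notebook", 0), ("unreleased-item", 1)],
    )
    return db


def search_vulnerable(db, name):
    # Defect: the input is pasted into the SQL text, so a quote character in
    # `name` ends the string literal and the remainder is parsed as SQL.
    sql = (
        "SELECT name FROM products WHERE hidden = 0 AND name = '"
        + name
        + "' ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]


def search_safe(db, name):
    # Fix: the statement text is constant and the driver binds `name` as a
    # value, so the input cannot change the structure of the query.
    sql = "SELECT name FROM products WHERE hidden = 0 AND name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]


if __name__ == "__main__":
    store = make_store()
    crafted = "x' OR '1'='1"  # constructed input containing a quote
    print("vulnerable:", search_vulnerable(store, crafted))
    print("safe:      ", search_safe(store, crafted))
```

With the constructed input, the concatenated query returns every row, including the one the `hidden = 0` filter was meant to exclude, while the parameterized query treats the whole string as a product name and returns nothing.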
