4 Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress

“In battle, there are not more than two methods of attack - the direct and the indirect; yet these two in combination give rise to an endless series of maneuvers.”

Sunzi and Giles [1]

Welcome to the fourth chapter, where we analyze SQL injections focusing on WordPress, the king of internet-facing web applications, starting from static analysis.

In the previous scenario, we looked for issues related to protocol implementations, thus studying the protocol and looking for weak implementations. This chapter will focus on source code analysis and how to use it to discover vulnerabilities.

We will rely on WordPress – which we already met in

Get Attacking and Exploiting Modern Web Applications now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Attacking and Exploiting Modern Web Applications by Simone Onofri, Donato Onofri

4

Attacking Internet-Facing Web Applications – SQL Injection and Cross-Site Scripting (XSS) on WordPress

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly