Chapter 4. Exploiting SQL Injection
Solutions in this chapter:
▪ Understanding Common Exploit Techniques
▪ Identifying the Database
▪ Extracting Data through UNION Statements
▪ Using Conditional Statements
▪ Enumerating the Database Schema
▪ Escalating Privileges
▪ Stealing the Password Hashes
▪ Out-of-Band Communication
▪ Automating SQL Injection Exploitation
Summary
Solutions Fast Track
Frequently Asked Questions
Introduction
Once you have found and confirmed that you have an SQL injection point, what do you do with it? You may know you can interact with the database, but you don't know what the back-end database is, or anything about the query you are injecting into, or the table(s) it is accessing. Again, using inference techniques and the useful error ...
Get SQL Injection Attacks and Defense now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.