Chapter 4. Exploiting SQL Injection

Solutions in this chapter:

▪ Understanding Common Exploit Techniques

▪ Identifying the Database

▪ Extracting Data through UNION Statements

▪ Using Conditional Statements

▪ Enumerating the Database Schema

▪ Escalating Privileges

▪ Stealing the Password Hashes

▪ Out-of-Band Communication

▪ Automating SQL Injection Exploitation

Summary

Solutions Fast Track

Frequently Asked Questions

Introduction

Once you have found and confirmed that you have an SQL injection point, what do you do with it? You may know you can interact with the database, but you don't know what the back-end database is, or anything about the query you are injecting into, or the table(s) it is accessing. Again, using inference techniques and the useful error ...

Get SQL Injection Attacks and Defense now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SQL Injection Attacks and Defense by Justin Clarke-Salt

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly