Chapter 4

Exploiting SQL injection

Alberto Revelli

Solutions in this chapter:

• Understanding Common Exploit Techniques

• Identifying the Database

• Extracting Data Through UNION Statements

• Using Conditional Statements

• Enumerating the Database Schema

• Injecting into “INSERT” Queries

• Escalating Privileges

• Stealing the Password Hashes

• Out-of-Band Communication

• SQL Injection on Mobile Devices

• Automating SQL Injection Exploitation

Introduction

Once you have found and confirmed that you have an SQL injection point, what do you do with it? You may know you can interact with the database, but you don’t know what the back-end database is, or anything about the query you are injecting into, or the table(s) it is accessing. Again, ...

Get SQL Injection Attacks and Defense, 2nd Edition now with the O’Reilly learning platform.
