Week 9 - JimKnee-Champ/Ethical-Hacking-Journal GitHub Wiki

This week we worked with SQL injection. It is profoundly irritating to work with, given the finicky language requirements. It is also a supreme vulnerability for many websites. In one of my forensic practicum cases we had to investigate a web server that had been the victim of an SQL injection attack.

For the Gloin lab, I had to look up the SQL injection command required to extract the admin's account information, as well as the other SQL exploits needed to crack the server. I understand broadly how SQL works and that it is a vulnerability, but being able to functionally apply it on my own is still outside my grasp.

To not be vulnerable to such things, servers should use prepared (parameterized) statements so that SQL injection can't take place through user input fields or URLs: the SQL command itself is fixed ahead of time, and the user's input is passed to it only as a value, never as part of the command text.
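As an added illustration of that point (my own example, not code from the lab), the vulnerable lookup below splices user input into the SQL text, while the safe one binds it as a parameter. The database, table and the hostile input string are constructed here for the demo and are not the lab's real schema.

```python
import sqlite3


def make_demo_db() -> sqlite3.Connection:
    # Constructed in-memory users table (stand-in for the lab server, not its real schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "user"), ("bob", "user"), ("admin", "admin")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str) -> list:
    # Vulnerable: the input becomes part of the SQL text, so a quote in it is read as SQL syntax.
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    # Prepared statement: the SQL text is fixed; the input is bound as a value and can only ever
    # be compared against the username column, whatever characters it contains.
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_demo_db()
    normal = "alice"
    hostile = "' OR 1=1 --"  # constructed input that rewrites the WHERE clause when spliced in
    print("unsafe, normal :", find_user_unsafe(db, normal))
    print("unsafe, hostile:", find_user_unsafe(db, hostile))  # every row comes back, admin included
    print("safe,   normal :", find_user_safe(db, normal))
    print("safe,   hostile:", find_user_safe(db, hostile))    # no user has that name -> []
```

The unsafe query turns the hostile string into `WHERE username = '' OR 1=1 --'`, which matches every row; the parameterized query looks for a user literally named `' OR 1=1 --` and finds nothing.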