From the course: A Bug Bounty Toolkit for Security Researchers


SQL injection (SQLi)


- In this next demo we're going to look at a SQL injection vulnerability. So I have the Juice Shop running here. I'm going to go to the login page and see if we can bypass the login and get access to some user accounts. So the first thing we do for SQL injection is see if we can inject any connectors in the backend query. So you can try with double quotes first and just provide a random password, some gibberish value for a password. Okay, we get invalid user input. Maybe you can try single quotes. Okay, it looks like something happened here. It's not the usual error, but this information is not very useful. So how do we know what's happening here? Maybe let's look at the proxy, Burp proxy, and see what this raw HTTP request looks like here. We have the login request here. We get a lot more information here. So let's send this to Repeater. Let's send this request again. And unlike the browser, we have a lot more information here in the response and we can see there's a SQLite error. And also…
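Why the double quote returns the normal "invalid" response while the single quote surfaces a SQLite error, shown as an added example that is not part of the course or of Juice Shop's code. It assumes a login query built by string concatenation with single-quoted values; the table, sample row, and function names are hypothetical, and Python's built-in `sqlite3` stands in for the application's backend.

```python
import sqlite3


def make_db():
    """In-memory database with one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice@example.test", "constructed-hash"))
    return db


def login_concat(db, email, password):
    """Vulnerable pattern: user input is spliced into the SQL text."""
    sql = ("SELECT email FROM users "
           f"WHERE email = '{email}' AND password = '{password}'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # Returning the driver message is what exposes the backend type.
        # A hardened handler logs it server-side and answers generically.
        return ("db_error", str(exc))
    return ("ok", row[0]) if row else ("invalid", None)


def login_param(db, email, password):
    """Hardened pattern: values are bound, never parsed as SQL."""
    sql = "SELECT email FROM users WHERE email = ? AND password = ?"
    row = db.execute(sql, (email, password)).fetchone()
    return ("ok", row[0]) if row else ("invalid", None)


if __name__ == "__main__":
    db = make_db()
    for probe in ('"', "'"):
        print(repr(probe), "concat:", login_concat(db, probe, "x"))
        print(repr(probe), "param: ", login_param(db, probe, "x"))
```

A double quote sits harmlessly inside the single-quoted literal, so the query stays valid and simply matches no row. A single quote unbalances the literal and the statement no longer parses, which is the error visible in the raw response. With bound parameters both inputs are treated as data and get the same "invalid" result.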
