From the course: Practical Cybersecurity for IT Professionals
Running an SQL injection attack
- [Instructor] Let's take a deeper look at one of the common web server attacks, the SQL injection. We can demonstrate this by using an SQL Python script to directly interact with an SQL database. It doesn't need to go through a web interface, but the results are the same. In our Python script, we can see that the program imports the system and MySQL Connector libraries, and then checks that there's a single argument on the call. This is the user ID we'll be searching for in our SQL query. Then we connect to the database, which is on this host, and run a query with the results being saved in the cursor. The printing code is general-purpose and includes a loop to allow for multiple responses in the query. I've coded it to pick up four columns in the database and format that according to the customer's table data. Let's see what happens when we run this. Firstly, I'll run a query looking for an account sfisher. Python3 sqltest.py,…
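The lookup the transcript describes, as an added example that is not the course's exercise file: a query built by string concatenation beside the same query with a bound parameter. It assumes an in-memory SQLite database in place of the MySQL server, and the table layout, column names and rows are constructed for illustration; with MySQL Connector the placeholder is `%s` rather than `?`.

```python
import sqlite3

# Constructed sample rows; the four column names are assumptions, not the course's schema.
ROWS = [
    ("sfisher", "Sam", "Fisher", "sfisher@example.com"),
    ("jdoe", "Jane", "Doe", "jdoe@example.com"),
    ("mlee", "Min", "Lee", "mlee@example.com"),
]


def make_db():
    """Build an in-memory stand-in for the customers table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE customers (userid TEXT, first TEXT, last TEXT, email TEXT)"
    )
    db.executemany("INSERT INTO customers VALUES (?, ?, ?, ?)", ROWS)
    return db


def lookup_concat(db, userid):
    """Weak form: the argument becomes part of the SQL text and is parsed as SQL."""
    sql = (
        "SELECT userid, first, last, email FROM customers "
        "WHERE userid = '" + userid + "'"
    )
    return db.execute(sql).fetchall()


def lookup_bound(db, userid):
    """Hardened form: the argument is bound as a value and is never parsed as SQL."""
    sql = "SELECT userid, first, last, email FROM customers WHERE userid = ?"
    return db.execute(sql, (userid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # One ordinary user ID and one constructed argument containing quote characters.
    for arg in ("sfisher", "x' OR '1'='1"):
        weak = lookup_concat(db, arg)
        safe = lookup_bound(db, arg)
        print(f"{arg!r}: concatenated={len(weak)} rows, bound={len(safe)} rows")
```

For an ordinary user ID the two functions return the same single row; they diverge only when the argument contains quote characters, which is the condition to test for when reviewing query code.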