Test blind SQL injection

Blind SQL injection

A web application that is vulnerable to SQL injection may display an SQL error that looks like this: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1. This error provides information that this web …

Web Application Pentesting: Manual SQL injection

Reference: http://en.wikipedia.org/wiki/SQL_injection

In a nutshell, SQL injection allows unauthorized people to use SQL syntax to query the web server's database backend; it is called injection because the SQL syntax is inserted into web application variables. The purpose of this post is to raise awareness of what SQL injection is and how serious it is if …