The-APP-SEC

Preapring For the APP SEC -> SEC-OPS

• Module 1

  Note: – is the sql comment.

• SQL Injection

• SQL Injection is the vulnerabilities which allows attackers to attempt/try different exploits using the SQL Queries.

• Eg: Select * from users where username=’admin’ and password=’–

• Note: Try this from the below link

• Example 1: Retrieval Of Hidden Data:

  

• Solved= +’+OR+1+1–

• Example 2: By Pasing the Login Logic

  

• Login Page View

  

• After By Pasing the Logic as the username: administrator’– password: anything goes.

  example query: SELECT * FROM users WHERE username=’administrator’–’ AND password=’’

• Refrence Link: SQL Injection