Скачать или смотреть All About SQL Injection | Complete Web Series | EP 01 {HINDI}

HashTags: #SQLi #SQLiTypes #SQLiSeries



Hello Guys,


Series Name: SQL Injection V1.0
Episode: 01
Description: Basic idea about SQL injection, Types of SQL Injection



#SQLinjection is a web application attack that constructs an SQL expression from user input by simple concatenation (for example $query="SELECT * FROM users WHERE id=".$_REQUEST["id"]).


If successful, the attacker can change the execution logic of the SQL query to suit his needs. Most often it performs simple fingerprinting on the DBMS, and also fetches tables with the most "interesting" names (eg "users").


After that, depending on the privileges with which the vulnerable application is launched, it can access protected parts of the back-end of the web application (for example, read files on the host side or execute arbitrary commands).


At the moment, the cheat sheet contains information only for MySQL, Microsoft SQL Server and some data for ORACLE and PostgreSQL. Sections contain syntax, explanation, and injection examples.

Used notation:
• M (MySQL);
• S (SQL Server);
• O (Oracle);
• P (PostgreSQL);
• + (possibly on other databases);
• * (special conditions required).


Twitter:   / chandanghodela  
Linkedin:   / chandan-singh-ghodela