If a web application doesn't have a robust defence against SQL injection, an attacker can submit malicious input to the application to modify its SQL queries and retrieve hidden data from the application database. In this video we look at this scenario in action.
NOTE: This video is made ONLY for educational purposes and to help developers and security researchers enhance their security knowledge, allowing them to remediate potential vulnerabilities in their OWN applications.
Web Security Academy | Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
Twitter: https://twitter.com/tracethecode
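
An added example (not from the video or the lab) of the kind of query the description refers to: a WHERE-clause filter built by string concatenation beside its parameterized form, with a defender's check that flags the weak one. The table, columns, function names and sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: released = 0 marks rows the shop is meant to hide.
ROWS = [
    ("Teddy bear", "Kids' toys", 1),
    ("Prototype robot", "Kids' toys", 0),
    ("Desk lamp", "Lighting", 1),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (name TEXT, category TEXT, released INTEGER)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", ROWS)
    return db

def list_products_concat(db, category):
    # Weak form: the request value is pasted into the SQL text, so any quote
    # in it is parsed as SQL syntax rather than as data.
    sql = ("SELECT name FROM products WHERE category = '" + category +
           "' AND released = 1")
    return [r[0] for r in db.execute(sql)]

def list_products_param(db, category):
    # Hardened form: the value is bound as a parameter and never parsed as
    # SQL, so the input cannot alter the released = 1 filter.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [r[0] for r in db.execute(sql, (category,))]

def quote_changes_query(fn, db, value):
    # Defender's check: a legitimate value containing an apostrophe must not
    # cause a SQL error. If it does, user input is reaching the SQL parser.
    try:
        fn(db, value)
        return False
    except sqlite3.OperationalError:
        return True

if __name__ == "__main__":
    db = make_db()
    for fn in (list_products_concat, list_products_param):
        print(fn.__name__, "input parsed as SQL:",
              quote_changes_query(fn, db, "Kids' toys"))
```

The check uses an ordinary category name, so it can run as a regression test in a project's own test suite against every function that builds a query from request data.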