Introduction to web security

Performing SQL injection

When a web page searches for data in the system, the URL query parameters are likely to be the entry point that defines the behaviour of the query.

For instance, take a shop and visit the URL: https://myshop.com/category1=mycategory

In a second step, modify the URL and set it to https://myshop.com/category1='or 1=1--

This is how a web attacker will attempt to trick the SQL filter into performing an unwanted filter.

Penetrating a login form

The idea behind gaining access through a login form is to bypass the password verification. To do this, we can inject SQL so that the query only validates the user and ignores whatever comes after the username.

For instance, change the username to admin'-- and set a random password.

The query submitted will be something like: select * from users where username='admin';
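
The two cases above (the category filter and the login form), as an added example that is not part of the original page: each query is built once by string concatenation and once with bound parameters, so the difference in how the same inputs are treated is visible. The table layout, the sample rows, the released column and the function names are assumptions made for this illustration, using an in-memory SQLite database.

```python
import sqlite3

def make_db():
    # Constructed sample data, for illustration only.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table users (username text, password text);
        insert into users values ('admin', 's3cret'), ('bob', 'hunter2');
        create table products (name text, category text, released integer);
        insert into products values
            ('pen', 'mycategory', 1),
            ('ink', 'other', 1),
            ('prototype', 'other', 0);
    """)
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: user input becomes part of the SQL text, so a
    # quote followed by -- ends the string and comments out the password check.
    sql = ("select * from users where username='" + username +
           "' and password='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened: values are bound as data and never parsed as SQL.
    sql = "select * from users where username=? and password=?"
    return db.execute(sql, (username, password)).fetchone() is not None

def products_concatenated(db, category):
    # Vulnerable pattern: the category value can rewrite the where clause.
    sql = ("select name from products where category='" + category +
           "' and released=1")
    return [row[0] for row in db.execute(sql)]

def products_parameterized(db, category):
    # Hardened: the whole input is compared against the category column.
    sql = "select name from products where category=? and released=1"
    return [row[0] for row in db.execute(sql, (category,))]

if __name__ == "__main__":
    db = make_db()
    print("concatenated login:  ", login_concatenated(db, "admin'--", "random"))
    print("parameterized login: ", login_parameterized(db, "admin'--", "random"))
    print("concatenated filter: ", products_concatenated(db, "'or 1=1--"))
    print("parameterized filter:", products_parameterized(db, "'or 1=1--"))
```

With bound parameters the same inputs are treated as literal values: the login is refused and the category search returns no rows, while legitimate values still work.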