This tutorial is about how SQL injection happens. SQL injection is one of the most common and dangerous methods hackers use to attack websites. In this tutorial we add a quote character after the password, and the application crashes with an unexpected error. The log at the bottom of the tutorial shows how the syntax error points to the quote character.
Command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers etc.) to a system shell. In this attack, the attacker-supplied operating system commands are usually executed with the privileges of the vulnerable application. Command injection attacks are possible largely due to insufficient input validation.
This shows one example of how cross-site scripting occurs. Cross-Site Scripting (XSS) is an attack in which malicious scripts are injected into trusted websites. XSS vulnerabilities permit a malicious user to execute arbitrary chunks of JavaScript when other users visit your site. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.
Hackxor is a web application hacking game developed by albinos. It is a realistic web application hacking game where players must locate and exploit vulnerabilities to progress through the story. The website provides eight missions to solve, in which you can apply your knowledge about database security. It is also designed to help players of all abilities develop their skills.
Hack The Box is an online platform allowing you to test your penetration testing skills and exchange ideas and methodologies with other members of similar interests. It contains several challenges that are constantly updated.
WebGoat is a deliberately insecure application that allows interested developers just like you to test vulnerabilities commonly found in Java-based applications that use common and popular open source components.
This video will guide you through installing WebGoat, after which you can experience all the database vulnerabilities. All the best!
Download the latest WebGoat release from: Install WebGoat