SQL injection vulnerabilities are one of the most common and most damaging vulnerabilities out there. A small opening would enable an attacker to extract every piece of data in the database. It is a subset of a vulnerabilities associated with unsanitised user inputs. The idea is to get the server to run SQL that has been specially crafted by the attacker.
Here’s a good kit to practice. Follow the instructions and you’ll be able to perform the attack without any special tools. Just some basic understanding on the web and you’re good to go.
Further reading:
Published on 19 Mar 2013 by Stanley Tan