[OWASP] Perform SQL Injection Attacks

Overview

Takahiro Oda
Dec 24, 2021

Perform an SQL injection attack on an MSSQL database

It is essential to ensure that a website validates its input wherever it accepts input, such as login forms or comments from visitors. If SQL injection is possible, an attacker can manipulate the website’s contents, including deleting the database and allowing unauthorized users to log in, which leads to a DDoS attack.

Perform an SQL injection attack against MSSQL to extract databases using sqlmap

I right-clicked in the browser and got the cookie value by typing “document.cookie” in the console tab. Then, I used sqlmap from the Parrot terminal. I can extract database information by injecting the cookie value. Security administrators must know these attack methods and validate cookie values.
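The cookie validation recommended above, as an added example that is not from the original post: a lookup that pastes the cookie into the SQL text, beside a version that checks the cookie format and binds it as a parameter. An in-memory sqlite3 database stands in for the MSSQL back end, and the table, cookie format and function names are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 in memory stands in for the MSSQL server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)")
    db.executemany(
        "INSERT INTO sessions VALUES (?, ?)",
        [("a3f1c9d27b6e4f50", "alice"), ("0b7e55c1d9a84e23", "bob")],
    )
    return db

# Assumed cookie format for this example: exactly 16 lowercase hex characters.
TOKEN_RE = re.compile(r"[0-9a-f]{16}")

def lookup_vulnerable(db, cookie_value):
    # The cookie text becomes part of the statement, so a crafted value
    # can change the WHERE clause instead of being compared as data.
    sql = "SELECT username FROM sessions WHERE token = '" + cookie_value + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, cookie_value):
    # 1) Allow-list validation: reject anything outside the expected format.
    if not TOKEN_RE.fullmatch(cookie_value):
        return []
    # 2) Parameter binding: the driver sends the value separately from the
    #    SQL text, so it is never parsed as SQL.
    sql = "SELECT username FROM sessions WHERE token = ?"
    return [row[0] for row in db.execute(sql, (cookie_value,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed test value, not a real session token
    print("vulnerable, crafted cookie:", lookup_vulnerable(db, crafted))
    print("hardened, crafted cookie:  ", lookup_hardened(db, crafted))
    print("hardened, valid cookie:    ", lookup_hardened(db, "a3f1c9d27b6e4f50"))
```

Parameter binding is the control that stops the injection; the format check additionally keeps malformed cookies from reaching the database at all.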
