I. SQL Injection Attacks on MS SQL Database

Scenario

Today, SQL injection is one of the most common and perilous attacks that website’s software can experience. This attack is performed on SQL databases that have weak codes and this vulnerability can be used by an attacker to execute database queries to collect sensitive information, modify the database entries, or attach a malicious code resulting in total compromise of the most sensitive data.

As an Expert penetration tester and security administrator, you need to test web applications running on the MS SQL Server database for vulnerabilities and flaws.

Lab Objectives

The objective of this lab is to provide students with expert knowledge on SQL injection attacks and to analyze web applications for vulnerabilities. In this lab, you will learn how to:

• Log on without valid credentials

• Test for SQL injection

• Create your own user account

• Create your own database

• Directory listing

• Execute denial-of-service attacks

In this lab, you have gained from SQL injection attacks and to analyze web applications for vulnerabilities.