Chapter 2: Manipulating SQL – Exploiting SQL Injection
After dealing more generally with Structured Query Language (SQL) and its characteristics and peculiarities, we now turn to the crux of this book: the injection vulnerability. We've already seen, in a broader sense, what SQL injection is, and we've given a glimpse of what could be done with it, and why.
In this chapter, as a follow-up to the previous one, we continue with the theoretical approach to the matter while moving closer to the practical aspects of SQL injection attacks. To that end, this chapter includes examples of input strings that could be used to trigger SQL injection for many different purposes.
This chapter will lay the foundation for the practical part, which will instead focus on the execution of SQL injection attacks in a controlled setup, putting into practice what we will see in this part.
After discussing SQL injection with SQL syntax, this chapter will also...