Lesson 1, Topic 1
In Progress

Exploiting SQL Injection Vulnerabilities & Cross-site Scripting (XSS)

Caroline February 25, 2025

Objectives: This workshop explored practical demonstrations and conceptual understanding of SQL Injection and Cross-Site Scripting (XSS) vulnerabilities. It aimed to equip participants with the ability to identify and exploit vulnerabilities in web applications. Topics covered included SQL query manipulation, authentication bypassing, and tool-based exploitation using SQLMap. Key defensive measures, such as input validation and hashing practices, were also discussed.

The Key Takeaways and Final Points: 

SQL Injection Basics and Demonstrations:

  • Exploiting vulnerabilities in user inputs to manipulate backend SQL queries.
  • Demonstrated authentication bypass using SQL Injection (‘ OR ‘1’=’1) to access restricted areas without credentials.
  • Tools like nmap and SQLMap were used for vulnerability detection and data extraction.

Defensive Techniques:

  • Implementing input sanitization and validation to mitigate SQL Injection risks.
  • Securing passwords with hashing (e.g., MD5, SHA-1) and adding salts for enhanced protection.

Importance of Reconnaissance and Automation:

  • Using tools like nmap for preliminary database and vulnerability identification.
  • Leveraging SQLMap for automated vulnerability testing and efficient data extraction.

Quick Links

Terms and Conditions
Privacy Policy

Linkedin-in
Instagram
Twitter
Youtube
Lateral Connect

© 2025 – Lateral Connect

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • Mention this member in posts
  • Invite this member to groups
  • Message this member

Please allow a few minutes for this process to complete.

Report

You have already reported this .