When: Tuesday, October 21st @ 5:30
Where: Butler Hall, Room 100
Join us for our upcoming ACM chapter meeting.
Semester Membership: $5
Yearly Membership: $10
Yearly Membership w/ T-Shirt: $15
After the meeting:
An Introduction to Finding, Exploiting, and Preventing SQL Injections
Description: Get an introduction to what SQL Injections are, how the vulnerability is possible, and firsthand experience in finding, exploiting, and preventing them.
- A computer with an internet connection
  - Preferred OS: Kali Linux (Virtual Machine will work perfectly)
  - Any Linux or Windows machine can run sqlmap using Python
- Basic knowledge of what SQL is
- Basic knowledge of command-line tools
- Overview of SQL injections
  - What are SQL injections?
  - How are they logically possible?
  - What can someone do with this exploit?
- Finding SQL injection-related vulnerabilities
  - Introduction to sqlmap
  - Scanning URLs
  - Scanning URLs of sites that require authentication
- Exploiting SQL injection vulnerabilities
  - Logging in as any user using basic SQL injection techniques (without sqlmap)
  - Retrieving tables and data from a database
  - Retrieving and “decrypting” passwords
  - Injecting and altering data
  - OS/Shell vulnerabilities
- Brief overview of preventing SQL injections in PHP
  - Input sanitization
  - PHP Data Objects (PDO)