Temple University

Week 11 – Summary

SQL Injection reading

SQL injection is one of the most popular code injection methods used by hackers to attack websites. An attacker first finds vulnerabilities in the target website or SQL-based application software, then exploits them by issuing malicious SQL statements or by taking advantage of incorrectly handled input. This is done through probing: varying the variables in the web address makes it possible to test whether the target website is vulnerable. Once the vulnerability is exploited, the attacker attempts to gain admin/root access rights to the server or SQL database. When successful, the attacker is able to gather valuable information such as user names, passwords, credentials, etc. that are used to access the databases, systems and other network resources.
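The mechanism described above, as an added example that is not part of the original post: a variable taken from the web address is first concatenated into the query text (vulnerable) and then bound as a parameter (hardened). The table, rows, URLs and function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import urlparse, parse_qs


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "pw-alice"), (2, "bob", "pw-bob"), (3, "admin", "pw-admin")],
    )
    return db


def id_from_url(url):
    """Return the raw 'id' variable from the web address, as a web app would."""
    return parse_qs(urlparse(url).query).get("id", [""])[0]


def lookup_vulnerable(db, url):
    """Concatenate the URL variable into the SQL text: the input becomes code."""
    query = "SELECT name FROM users WHERE id = " + id_from_url(url) + " ORDER BY id"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, url):
    """Bind the URL variable as data: the SQL text is fixed before input arrives."""
    query = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (id_from_url(url),))]


# Constructed requests: a normal lookup, and one whose variable carries SQL.
NORMAL_URL = "http://shop.example/profile?id=1"
TAMPERED_URL = "http://shop.example/profile?id=1%20OR%201%3D1"

if __name__ == "__main__":
    db = make_db()
    for label, url in (("normal", NORMAL_URL), ("tampered", TAMPERED_URL)):
        print(label, "vulnerable   ->", lookup_vulnerable(db, url))
        print(label, "parameterized ->", lookup_parameterized(db, url))
```

With the concatenated query the tampered variable changes the WHERE clause and every row comes back; with the bound parameter the same text is compared as a single value and matches nothing.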

Question to the Class: Is there a useful tool that allows the use of predefined variables and SQL injection commands based on an entered website address?

In the News

A security researcher in Germany has managed to hack an ATM and self-service terminal from Sparkasse Bank, which allowed him to reveal sensitive details from the payment card inserted into the machine.

Read more at: http://thehackernews.com/2015/11/german-atm-hack.html

 

 
