When you search for an item to purchase on a site, for example, the underlying query will be sent to the database and the relevant information will be returned. You will often find database systems on the back end of web applications, usually storing inventory or credentials of some sort. SQL (structured query language) is a language used to perform queries on databases in order to retrieve and manipulate data. With an SQL injection, a hacker can compromise a server and, ultimately, upload and run the "unix-privesc-check" script locally in order to further identify possible attack vectors. Information gathering is one of the most important steps in pentesting or hacking, and it can often be more rewarding to run things on the target itself as opposed to just running scripts against it remotely.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
June 2023
Categories |