Burp Suite User Forum


Need some more insight on the SQL injection post

cydev | Last updated: Apr 03, 2020 02:34PM UTC

Hello everyone, I was going through the SQL injection learning materials, and there is one sentence I didn't quite understand and need some explanation of. The sentence is: "In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack." Can anyone give examples or more detail on each of these three escalations? Thanks,

Uthman, PortSwigger Agent | Last updated: Apr 03, 2020 03:13PM UTC

Hi, this means that the SQL injection attack can be escalated to do further damage beyond the SQL injection itself. For example, an attacker could enumerate the OS/version information on the back-end server and run a scan to identify vulnerabilities associated with that information. This can then be used to formulate specific attacks to break into the server and access/control the full database. A denial-of-service attack involves an attacker sending a large amount of network traffic to a server in an attempt to overload it and make resources unreachable for normal users.
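The escalations described in the reply above all start from the same root defect: user input being spliced into a SQL statement as code. The following is an added example (not code from the thread or from PortSwigger) that puts a string-concatenated lookup next to its parameterized form, using Python's built-in sqlite3 module on a constructed in-memory table. The table contents, the `users` schema and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original thread).
SAMPLE_USERS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
    ("carol", "carol@example.test"),
]


def make_db():
    """Build an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def vulnerable_lookup(conn, name):
    """Builds the statement by concatenation: the input is parsed as SQL.

    This is the pattern the learning materials warn about; any quote in the
    input changes the structure of the query rather than the value compared.
    """
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, name):
    """Parameterized statement: the driver binds the value separately.

    The SQL text is fixed at compile time, so the input can only ever be
    compared as a string and never rewrites the WHERE clause.
    """
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo():
    """Run both lookups on an honest name and on a tampered one.

    Returns a dict so the outcomes can be compared or asserted on.
    """
    conn = make_db()
    honest = "alice"
    # Textbook tautology input: turns the WHERE clause into "always true"
    # when concatenated, but is just a literal string when bound as a parameter.
    tampered = "x' OR '1'='1"
    return {
        "vulnerable_honest": vulnerable_lookup(conn, honest),
        "vulnerable_tampered": vulnerable_lookup(conn, tampered),
        "safe_honest": safe_lookup(conn, honest),
        "safe_tampered": safe_lookup(conn, tampered),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

Running it shows the concatenated version returning every row for the tampered input while the parameterized version returns none. The same binding discipline is what stops the more serious escalations the reply mentions: if the input cannot alter the statement, it cannot be used to reach file-system, OS or resource-exhaustion features of the database server either. Pairing parameterized queries with a least-privilege database account (one that has no administrative or OS-interaction rights) limits the damage should a query be missed.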

cydev | Last updated: Apr 04, 2020 05:06AM UTC

Thank you for your reply, I am getting to understand these concepts now.

Uthman, PortSwigger Agent | Last updated: Apr 06, 2020 06:48AM UTC

You are welcome. Please let me know if you need any further assistance.
