We covered the third part, which discusses the string SQL injection vulnerability, using the OWASP WebGoat lab.

String SQL injection is easy to exploit in applications that construct queries dynamically by joining strings together. If the input is a string that is passed into the query as a string parameter enclosed in quotation marks, you can quickly modify the built query by shaping the string according to your requirements. For instance, you could use quote marks to finish the string parameter and then enter your own SQL.
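The behaviour described above, shown next to its fix, as an added example that is not taken from the WebGoat lab or the original post. The `user_data` table, its columns, and the sample rows and inputs are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

# Constructed sample rows; table and column names are assumptions for this example.
ROWS = [("Smith", "card-0001"), ("Jones", "card-0002"), ("O'Brien", "card-0003")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_data (last_name TEXT, card TEXT)")
    db.executemany("INSERT INTO user_data VALUES (?, ?)", ROWS)
    return db

def build_concatenated(last_name):
    # Vulnerable pattern: the input is joined into the SQL text between quotes,
    # so a quote inside the input ends the string literal early.
    return ("SELECT last_name, card FROM user_data "
            "WHERE last_name = '" + last_name + "'")

def lookup_concatenated(db, last_name):
    return db.execute(build_concatenated(last_name)).fetchall()

def lookup_parameterized(db, last_name):
    # Hardened pattern: the SQL text is fixed and the input is bound as a value,
    # so quotes in the input are compared as data and never parsed as SQL.
    return db.execute(
        "SELECT last_name, card FROM user_data WHERE last_name = ?",
        (last_name,),
    ).fetchall()

# Constructed input whose quote closes the literal and appends a condition.
CRAFTED = "Smith' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(build_concatenated(CRAFTED))
    print(len(lookup_concatenated(db, CRAFTED)), "rows via concatenation")
    print(len(lookup_parameterized(db, CRAFTED)), "rows via bound parameter")
    # A legitimate surname with an apostrophe also breaks the concatenated query.
    try:
        lookup_concatenated(db, "O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
    print(lookup_parameterized(db, "O'Brien"))
```

A syntax error on an ordinary value such as `O'Brien` is a useful signal during code review or testing that a query is being assembled by string concatenation.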
