Senior Golang Software Engineer – Melbourne » Blog Archive

Last Tweets
- RT @phpmelb: Melbourne Developers! What's your favourite productivity hack, tool or technique? Fancy giving a lightning talk on it on Feb 21?, Jan 21
- RT @mrmidi: 1950 show Trackdown featured a snake oil salesman named Trump who claimed he could save the world by building a wall https://t.co/cEk1bF3adY, Jan 15
- RT @sam_dark: Implementation of JSON API specification for the Yii framework https://t.co/awIVGDXol6 #yii, Dec 18
- Is anyone looking for a very experienced #API developer in Melbourne? I'm looking for a new project to work on., Sep 19
- I just saw a great presentation on http2 by @dshafik at @phpmelb. Really interesting stuff to speed up mobile and web applications., Aug 16
- RT @buzzconfio: Getting ready for #BuzzConf Nights. Great talks coming up, and some awesome announcements! https://t.co/QghjIYj2AB https://t.co/jL35EzjTId, May 26
- RT @jakeasmith: Dear CORS, If you’re going to screw up my request at least let me know that you’re screwing up my request. Sincerely, Everyone, May 20
- RT @ianoshorty: "Every code decision ultimately becomes a ux decision." Great quote from @cap @dibiconf #dibi2016, Mar 17
- RT @snyff: I'm giving a talk on web application security at #Ruxmon this Friday in Melbourne: https://t.co/RD9MEU56KD, Mar 16
- Come along to #phpmelb tonight to see my presentation on how to build an #api with #yii framework. #Melbourne #php #yii2, Mar 15
- RT @phpmelb: @doublehops will be talking about an introduction to building an RESTful API easily with Yii2. https://t.co/8GQNniyLXC, Mar 10
- I've just installed SSL certificates with #letsencrypt. It was quite easy and will encourage the use at work., Dec 17
- I've written my first #nodebot script whilst at #buzzconf. https://t.co/230ZGuyNr0 https://t.co/CbWWrkDV7p, Nov 14
- Great presentations at @phpmelb tonight on development laws and privacy and also great to see my friends again., Oct 20
- Ex prime minister @TonyAbbottMHR shows us how far behind the times he is one last time by resigning by fax http://t.co/1q4ifL6Cpu, Sep 16
- RT @TheTweetOfGod: In a minute I'm going to turn the universe off and then back on again. Apologies for the inconvenience., Sep 08
- I just purchased my ticket to @buzzconfio. The technology festival focused on future technologies., Sep 07
- RT @wandergame: Sorry for the delay on PS4, I've been stuck on a UI bug for days. If anyone knows Scaleform on PS4 I'd love to chat!, Aug 24
- RT @phpmelb: Our next meetup is 6:30 tonight at Queens Collective. We've got great speakers, pizza and beer Don't forget to RSVP @ http://t.co/qhRQLn1tgu, Aug 18
- RT @sam_dark: If you're having trouble with #yii and composer, do `composer global require fxp/composer-asset-plugin:~1.0@dev`., Jul 30
Follow me on Twitter

A Working Example of SQL Injection

This entry was posted on May 10 2019

I started a small project recently to create a PHP based web page that is vulnerable to SQL injection to better understand how a site can be compromised and what someone can do once they’ve exploited the vulnerability. SQL injection is possible when a software developer doesn’t properly handle data sent by a user with their browser through a form or in the URL. By running this example you will learn that it is quite easy to gain shell access to a server when data is handled poorly.

The project which can be forked on Github steps you through setting up and running a virtual machine, abuse the SQL vulnerability and eventually gain shell access. Once a vulnerability has been found, it only takes five steps to gain shell access.

There are several examples of what can be done but you’re also walked through gaining shell access. It’s really quite simple. If you’re interested in web application security I suggest giving it a go. It shouldn’t take more than an hour to get through it.

View the project on Github.

PHP, python, security

Security

Sorry, comments for this entry are closed at this time.

Doublehops

Web development and technology blog

Last Tweets

A Working Example of SQL Injection