Chapter 7. Pentesting of SQLI and XSS
In this chapter, we will discuss some serious attacks on a web application. You must have heard about incidents such as data theft, the cracking of usernames and passwords, the defacement of websites, and so on, that are known to occur mainly due to the vulnerabilities that exist in web applications, such as SQL injection and XSS attacks. In Chapter 5, Foot Printing of a Web Server and a Web Application, you learned how to see which database software is being used and which OS is running on the web server. Now we will proceed with our attacks one by one. In this chapter, we will cover the following topics:
- The SQL injection attack
- Types of SQL injection attacks
- An SQL injection attack by Python script
- A Cross-site scripting attack
- Types of XSS
- An XSS attack by Python script