Thursday, July 21, 2011

Trying SQL Injection on Your Own

Hey, if after our last couple of posts, you feel like your SQL fu is up to snuff and want to get your hands on a real vulnerable web app that maybe doesn't have the answers all leaked out, then check this out.


Head on over to http://csis.pace.edu/~lchen/sweet and download the vulnerable app they're hosting in VM or VirtualBox format. Stand up that server and follow these two guides: 5 - Security Testing and 6 - Vulnerability Management.

The Ubuntu web server is running BadStore, which you can alternatively register for and download here: http://www.badstore.net. Either way, you'll be able to practice SQL injection and XSS against this web app and its database.

Try it out!

2 comments:

  1. Excellent reading material.
    this and the latest sql posts as well.
    cheers!

  2. Thanks! I'm really glad you found this stuff as helpful as I do!