Network simulator 12.0 Software - XSS Stored and SQL Injection

Download the network diagram used

Injection attacks rely on a script that is injected by the attacker and is therefore not part of the page to begin with. Protective measures in the web page code should normally neutralize it. When they are absent, the page is exposed to XSS (JavaScript injection) and to SQL injection.

For reflected XSS, see Reflected XSS.

This network diagram is used to present XSS and SQL injection vulnerabilities. The attacker uses the Hacker station:

[screenshot]

XSS Stored and SQL Injection Vulnerability

Stored XSS is more dangerous than reflected XSS because the script runs every time the page is viewed. The malicious script is kept in a field of a database table, but the principle remains the same.

The example uses a dummy registration page (person's first name) that adds the value entered to the liste table and then displays all the names it contains: xsssql.php. This page is predefined in the web server:

[screenshot]

Out of curiosity, you can reproduce the XSS and SQL vulnerabilities on a real server by consulting the source (XSS Stored, SQL Injection button). This script is read-only.

To experiment with stored XSS and SQL injection, launch the browser on Hacker and go to 1.1.1.1:

[screenshot]

Click the XSS Stored and SQL Injection link:

[screenshot]

The xsssql.php page is displayed. First use it without attacking, by entering ordinary first names. The list is displayed:

[screenshot]

If you fill the field with JavaScript instead (XSS Message button), the malicious code is stored in the table and executed on every display of the page:

[screenshot]

SQL injection works on a different principle. The value entered must first close off the query that the server code already contains, and then append the injected query to it. What must be entered therefore depends on the PHP source of the page. To help, the SQL Clear button offers a ready-made injection that deletes the contents of the liste table:

[screenshot]

After validation, the liste table is empty:

[screenshot]

Note: the PHP server and the database server are simulated. For this reason, SQL injection is limited to the complete deletion offered by the button.

The page code can (and must) defend against XSS injection. To observe this, check Countermeasure, validate, and repeat your previous tests:

[screenshot]
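The two defects the page walks through (a stored value echoed straight back into the HTML, and a value pasted straight into the SQL text) and the countermeasure it asks you to switch on can be shown side by side in a few lines. The block below is an added example, not the simulator's xsssql.php and not the simulator's source: it stands in for the PHP/MySQL page with Python and an in-memory SQLite table. The table name liste comes from the page; the column name nom, the sample inputs and the function names are assumptions made for the example.

```python
import html
import sqlite3

# Constructed sample inputs: one carries markup, one carries an apostrophe.
XSS_SAMPLE = "<script>alert('xss')</script>"
QUOTE_SAMPLE = "O'Brien"


def open_db() -> sqlite3.Connection:
    """In-memory stand-in for the simulator's liste table (column name assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE liste (nom TEXT NOT NULL)")
    return conn


def add_name_unsafe(conn: sqlite3.Connection, name: str) -> None:
    # The value is spliced into the SQL text, so it reaches the SQL parser:
    # this is the injection point the page describes.
    conn.execute(f"INSERT INTO liste (nom) VALUES ('{name}')")


def add_name_safe(conn: sqlite3.Connection, name: str) -> None:
    # Parameter binding: the value is passed as data and never parsed as SQL.
    conn.execute("INSERT INTO liste (nom) VALUES (?)", (name,))


def list_names(conn: sqlite3.Connection) -> list[str]:
    return [row[0] for row in conn.execute("SELECT nom FROM liste ORDER BY rowid")]


def render_unsafe(names: list[str]) -> str:
    # Stored values echoed verbatim: any <script> in them runs on every view.
    return "<ul>" + "".join(f"<li>{n}</li>" for n in names) + "</ul>"


def render_safe(names: list[str]) -> str:
    # Output encoding (the idea behind the page's Countermeasure checkbox):
    # the stored markup is displayed as text instead of being interpreted.
    return "<ul>" + "".join(f"<li>{html.escape(n)}</li>" for n in names) + "</ul>"


def demo() -> dict:
    """Run both variants and return what each one produced."""
    conn = open_db()
    add_name_safe(conn, "Alice")
    add_name_safe(conn, XSS_SAMPLE)      # stored as-is; rendering decides the outcome
    names = list_names(conn)
    result = {
        "unsafe_html": render_unsafe(names),
        "safe_html": render_safe(names),
    }
    # A plain apostrophe is enough to show that unsafe input reaches the SQL parser.
    try:
        add_name_unsafe(conn, QUOTE_SAMPLE)
        result["unsafe_insert_error"] = None
    except sqlite3.OperationalError as exc:
        result["unsafe_insert_error"] = str(exc)
    add_name_safe(conn, QUOTE_SAMPLE)    # the bound parameter handles it without trouble
    result["names"] = list_names(conn)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the same storage behaviour in both cases (the script tag is written to the table either way); what differs is the output step, where html.escape turns the stored markup into inert text, and the insert step, where the bound parameter accepts the apostrophe that makes the string-built query fail. In the simulator the Countermeasure checkbox plays the role of render_safe; on a real server you would pair it with the prepared-statement form of the insert.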

Last updated on March 31, 2024