
Second Order SQL Injection Explained with Example

Introduction

Second order SQL injection is an application vulnerability. It occurs when user-submitted values are stored in the database and are later used by some other functionality in the application without being escaped or filtered. Data from external sources (user supplied) is usually considered dangerous and is escaped/filtered, but developers trust the data coming from the database. This behaviour is similar to a stored cross-site scripting attack. Performing a successful second order SQL injection requires more knowledge of how submitted values are later used. Still confused? Follow the example below:

Second Order […]