AppSecExplained
Second-order SQLi

Second-order SQL Injection

Second-order SQL injection (also known as stored SQL injection) occurs when user input is first written to the database, usually safely via a parameterized query, and is later read back and concatenated into a second query without parameterization. The payload survives the first write intact precisely because that write was done correctly; the injection fires in the second operation, hence the name "second order". Because the vulnerable query only runs when some later feature re-uses the stored value, input validation at the entry point and scanners that test one request at a time typically miss it.

A simple example:

  • A vulnerable webapp allows users to register and save a username. The registration INSERT uses a prepared statement, so any value is stored verbatim.

  • An attacker registers with a malicious payload as their username, e.g. jeremy'); DROP TABLE users;-- -

  • Later, when the application reads the stored username back and builds another query with it (e.g. greeting a returning user, or changing that user's password), it trusts the value because it "came from the database" rather than from the request, and the payload executes.
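The scenario above as a runnable walkthrough, added here as an example and not code from the original page. It uses Python's built-in sqlite3 module with an in-memory database, so it runs offline. The page's `DROP TABLE` payload needs stacked queries, which sqlite3's `execute()` refuses (one statement per call), so this example uses the other classic second-order variant: the attacker registers the username `admin'-- ` (note the trailing space), and a later password-change query that concatenates the stored username ends up rewriting the `admin` row instead of the attacker's own. The table layout, column names and function names are assumptions for illustration.

```python
import sqlite3


def setup_db():
    """Constructed fixture: a users table with one pre-existing admin account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cretAdminPw')")
    conn.commit()
    return conn


def register(conn, username, password):
    # First-order sink: parameterized, so the payload is stored verbatim
    # and the registration step shows no sign of injection.
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        (username, password),
    )
    conn.commit()


def change_password_vulnerable(conn, username, new_password):
    # Second-order sink: the request-controlled new_password is bound as a
    # parameter, but the username read back from the database is trusted
    # and concatenated. With username = "admin'-- " the query becomes
    #   UPDATE users SET password = ? WHERE username = 'admin'-- '
    # and the trailing quote is commented out.
    query = "UPDATE users SET password = ? WHERE username = '%s'" % username
    conn.execute(query, (new_password,))
    conn.commit()


def change_password_fixed(conn, username, new_password):
    # Hardened form: every value goes through a bind parameter, regardless
    # of whether it arrived in the request or was read from the database.
    conn.execute(
        "UPDATE users SET password = ? WHERE username = ?",
        (new_password, username),
    )
    conn.commit()


def get_password(conn, username):
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run the attack against both handlers; return (admin_pw, attacker_pw)
    for each so the effect of the second-order sink is visible."""
    results = {}
    attacker_name = "admin'-- "  # payload chosen by the attacker at registration
    for handler in (change_password_vulnerable, change_password_fixed):
        conn = setup_db()
        register(conn, attacker_name, "attacker-pw")
        # Later request: the app looks up the logged-in user's name from the
        # database (simulating a session lookup) and passes it along.
        stored_name = conn.execute(
            "SELECT username FROM users WHERE username = ?", (attacker_name,)
        ).fetchone()[0]
        handler(conn, stored_name, "pwned")
        results[handler.__name__] = (
            get_password(conn, "admin"),
            get_password(conn, attacker_name),
        )
    return results


if __name__ == "__main__":
    for name, (admin_pw, attacker_pw) in demo().items():
        print(f"{name}: admin={admin_pw!r} attacker={attacker_pw!r}")
```

With the vulnerable handler the admin password becomes `pwned` while the attacker's own row is untouched; with the fixed handler only the attacker's row changes. When reviewing code for this class of bug, look for any query that interpolates a value fetched from a previous query, not just values taken directly from the request.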

This type of attack can lead to:

  1. Data loss or corruption.

  2. Compromise of the database.

  3. Sensitive data exposure.

  4. Remote code execution, where the database user has access to OS-level functionality exposed by the DBMS (e.g. xp_cmdshell on Microsoft SQL Server) or can write files to a location the web server executes.

Other learning resources:

Writeups:

Checklist:


Last updated 1 year ago
