7. Second Order SQLi

A second-order SQLi can sometimes be found almost in plain sight. In this example, the login fields are well protected against the input they take. The flip side is that the application still lets us register users whose details contain SQLi code. From that point on, the injection is carried out by the information stored in the database rather than by the login form: the payload fires when the application uses what was registered.

What is important to remember in these cases is that a website can have similar functionality in multiple places, and if the devs get lazy, some places that should be protected the same way get overlooked. That can come down to pressure to deliver the product on time, an honest mistake, or the assumption that, meh, an attacker wouldn't look at that specific vector.

It is good for us to keep these things in mind so that we also look where the developers assume we won't look.
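The pattern described above, as an added example that is not code from the original page: registration and login bind their parameters, while a password-change routine trusts the name it read back from the database. The schema, function names and the sample username are assumptions made for illustration, and passwords are kept in plain text only to keep the sketch short.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'admin-secret')")
    return db

def register(db, name, password):
    # Protected entry point: bound parameters store the name verbatim, quotes and all.
    db.execute("INSERT INTO users VALUES (?, ?)", (name, password))

def login(db, name, password):
    # Also protected. Returns the name as read back from the database.
    row = db.execute("SELECT name FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None

def change_password_vulnerable(db, session_name, new_password):
    # Overlooked spot: the name came from the database, so it is treated as
    # trusted and concatenated into the statement.
    db.execute("UPDATE users SET password = ? WHERE name = '" + session_name + "'",
               (new_password,))

def change_password_fixed(db, session_name, new_password):
    # Same protection as the login form: stored data is bound, never concatenated.
    db.execute("UPDATE users SET password = ? WHERE name = ?",
               (new_password, session_name))

def password_of(db, name):
    row = db.execute("SELECT password FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None

def demo(change_password):
    db = make_db()
    stored = "admin'--"  # constructed sample: a registered name carrying SQL syntax
    register(db, stored, "pw1")
    session_name = login(db, stored, "pw1")
    change_password(db, session_name, "pw2")
    # (admin's password, the registered user's password) after the change
    return password_of(db, "admin"), password_of(db, stored)

if __name__ == "__main__":
    print("vulnerable:", demo(change_password_vulnerable))
    print("fixed:     ", demo(change_password_fixed))
```

With the concatenating routine the update lands on the `admin` row instead of the registered user's row; with bound parameters only the registered user's own row changes.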