- What do you use curl and Wappalyzer™ for? Describe what else you can use for the same purpose.
- Describe a UNION-based SQL injection attack. Provide the syntax of a UNION-based SQL injection attack and describe it.
- Research the Internet and discuss five ways an organization can prevent SQL injection attacks. Describe which of these ways is the best way to prevent an attack and why. Provide citations.
- Provide three ways in which you can obtain system information using SQL injection in the urbank.com login page. System information could include current user, database version, operating system, user password hash, table names, usernames, passwords, etc. Provide the syntax of the command used to obtain system information.
- The str_ireplace(script, null, ) function prevents the SCRIPT element used in the Reflected XSS lab from being executed. Your pentesting assignment is to research and identify how you would bypass the str_ireplace function and get a different script to run. Provide the syntax of the script that you will use as well as a screenshot of your results. Describe how you bypassed the str_ireplace function and got a different script to run.