Júlio César

Reputation: 95

Is it possible to perform a SQL Injection through an XSS vulnerability?

I've tried to perform a SQL Injection pentest on a website but couldn't because the website was not vulnerable. I want to try to perform a SQL Injection pentest through an XSS vulnerability. Is it possible?

Upvotes: 1

Views: 125

Answers (1)

Bill Karwin

Reputation: 562348

XSS allows an attacker to trick your website's display into inserting JavaScript code where you had expected to output plain text.

In theory, the JavaScript could create an AJAX request back to the website, and try to make a POST request with malicious content containing SQL syntax to an AJAX endpoint, and the code for that endpoint could use the content in an SQL query.

But if the SQL queries on the website are not vulnerable to SQL injection already, then JavaScript can't make them vulnerable.

Upvotes: 2
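
The answer's last point, as an added example that is not part of the original answer: the same posted value is handed to a concatenated query and to a parameterized one, showing that the outcome depends on how the endpoint builds its SQL and not on whether a browser script sent the request. The `notes` table, the function names and the sample values are hypothetical and constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: one note per user.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "alice note"), ("bob", "bob note")],
    )
    return db


def endpoint_concatenated(db, owner):
    # Already injectable: the posted value becomes part of the SQL text,
    # so quote characters in it change the structure of the statement.
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return sorted(row[0] for row in db.execute(sql))


def endpoint_parameterized(db, owner):
    # Not injectable: the posted value is bound as data and is only ever
    # compared against the owner column as a literal string.
    sql = "SELECT body FROM notes WHERE owner = ?"
    return sorted(row[0] for row in db.execute(sql, (owner,)))


# Constructed POST field values. The server receives the same bytes whether
# they come from a script running in a browser or from any other client.
BENIGN = "alice"
WITH_SQL_SYNTAX = "alice' OR '1'='1"


def compare():
    # Run both endpoints over both inputs and collect the returned rows.
    db = make_db()
    results = {}
    for label, value in (("benign", BENIGN), ("sql_syntax", WITH_SQL_SYNTAX)):
        results[label] = {
            "concatenated": endpoint_concatenated(db, value),
            "parameterized": endpoint_parameterized(db, value),
        }
    return results


if __name__ == "__main__":
    for label, outcome in compare().items():
        print(label, outcome)
```
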
