SQL injection against phishing attempts

Like everybody these days, I encounter occasional phishing attempts. Last one I saw I decided to try something, and entered bogus info with a SQL injection to drop tables as the password. I don't know much about how these attackers generally gather and store information, and was just curious if anyone knew if it was even remotely possible for this to work. Obviously, a good attacker would have everything set up to defend against SQL injection, assuming they are even using a SQL database. But so many attackers are script kiddies who have no real knowledge of what's going on. It got me wondering if anyone had instances where something like this actually worked.

submitted by /u/dragonfiremalus
[link] [comments]

from hacking: security in practice https://ift.tt/3tYdpyc

Comments