Abstract
With the advent of high dependency on the usage of web applications in a day to day life, the issue of web attacks has become a serious concern in information security. Attackers are continuously discovering innovative strategies to exploit the vulnerabilities existing in an application. Compounded SQLi is one of the attacking techniques which consists of combining the SQL injection with other forms of attacks to perform more advanced attacks. In the paper, we present a new form of compounded SQL injection attack technique which uses the SQLi attack vectors to perform content spoofing attacks on a web application. Content spoofing and SQL injection (SQLi) are the two different kinds of injection vulnerabilities of a website. Former is the client-side attack while the latter is the part of server-side attacks. Content spoofing attacks target the website with the aim to deceive its users by presenting the malicious content on the webpage which they believed to be the legitimate content. On the other hand, SQLi-based attacks target the application to exfiltrate the database records and perform unauthorized operations at the server. The paper demonstrates the step by step procedure to conduct content spoofing via SQLi attack vectors. Furthermore, the paper explains how the attacker can use the proposed compounded SQLi attack to harm the websites which were earlier resistant to traditional content spoofing attacks.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
