Tutorial: Using SQL injection to generate cross site scripts

Blog Post created by webpwnized on Jun 29, 2012

This video discusses a somewhat advanced SQL injection technique in which the SQL injection is not the primary attack. The SQL injection is used to generate cross site scripting. This is useful when cross site scripts cannot be injected into a webpage from a client because web application firewalls or other scanners are in place. When an SQL injection can be snuck past the WAF, it is possible to have the SQL injection generate the Cross Site Script dynamically.