Objective: This project demonstrates hands-on experience in identifying and exploiting SQL Injection and Cross-Site Scripting (XSS) vulnerabilities using WebGoat and DVWA.
- WebGoat: A deliberately insecure web application by OWASP for training on web vulnerabilities.
- DVWA (Damn Vulnerable Web Application): A safe, legal environment to practice web security.
- SQL Injection: Used input like `' OR '1'='1'--` to dump database information.
- XSS: Injected scripts to exploit the XSS vulnerability and capture session cookies.
- SQL Injection: Tested using `http://127.0.0.1/Webgoat/attack` on the WebGoat platform.
- XSS Attack: Exploited to inject scripts that steal session IDs.
- SQL Injection and XSS vulnerabilities can compromise web application security.
- Practical methods for identifying and mitigating these issues.