Last updated at Tue, 25 Jul 2017 15:55:28 GMT
This video discusses a somewhat advanced SQL injection technique in which the SQL injection is not the primary attack. The SQL injection is used to generate cross site scripting. This is useful when cross site scripts cannot be injected into a webpage from a client because web application firewalls or other scanners are in place. When an SQL injection can be snuck past the WAF, it is possible to have the SQL injection generate the Cross Site Script dynamically.