LFGA Web
SQLI
Welcome to this section, in this section we are going to cover a vulnerability called SQL injection. This is one of the most common vulnerabilities that we can find in CTF and in some applications. An SQL injection could exist in any web application that uses an SQL database and even a NoSQL database. For now we are going to focus in SQL databases. SQL Injection is also included in the Injection section of OWASP TOP 10.
Structured Query Language
In some courses or sites when you get into SQLI you can find a brief introduction to SQL that in most of the cases they only teach some basic queries and operators like select, union, concat, mid, etc. The point is that we don't agree with only learning and executing queries without knowing what is happening in the background.
In this guide we are going to cover more complex and complete theoretical concepts about SQL. It's going to take some time to learn and to understand, but I'm sure that it will be worth it. Let's get to it!.
Data, Database and SQL
First, we are going to learn what is data, but in the database (relational) context here. Now you know that data is stored in tables and columns now let's see a definition for that here. Now let's gather all this data with this definition essentialsql.
Now that we have an idea of what a database is now we can see what SQL is. This article cover SQL concepts that we need to learn for now.
Also, you have to know that many different database managers exist with different technologies and some variations in SQL language.
DML vs DDL
Now we have to know the definition of DML and DDL and the difference between these two. Difference between DDL and DML in DBMS
SQL statements
Now we have to learn the basics from the SQL statements that are most commonly used in SQL injection and try to understand and how it works.
SQL SELECT StatementSQL WHERE Clause
SQL AND, OR and NOT Operators
SQL ORDER BY Keyword
SQL LIKE Operator
SQL BETWEEN Operator
SQL Joins
SQL UNION Operator
That should be enough, we'll learn more on the way. Let's get to the learning section.