LFGA Web
SQLI - Learning section
CTF 101
Let's get the first definition from here and keep going on.
The Portswigger Web Academy
Link: SQL injection
After the activity
You now know:
- What an SQLI injection is.
- The impact of a SQL injection.
- How to retrieve hidden data.
- How to subvert the application logic.
- How to retrieve data from other database tables.
- How to perform SQL injection UNION attacks.
- How to determine the number of columns required in an SQL injection UNION attack.
- How to find columns with a useful data type in an SQL injection UNION attack.
- How to use an SQL injection UNION attack to retrieve interesting data.
- How to retrieve multiple values within a single column.
- What a Blind SQLI injection is.
- Exploit blind SQL injection by triggering conditional responses.
- Exploit a blind SQL injection by triggering time delays.
- How to detect SQL injection vulnerabilities.
- How to prevent SQL injection.
- How to prevent blind SQL injection attacks?.
SQLMap
Link: SQLmap Tutorial
After the activity
You now know:
- What SQLMap is.
- How to install SQLMap.
- How to perform SQLMap attacks.
PayloadAllTheThings
Also remember that you can always visit PayloadAllTheThings if you need a payload or a brief explanation.
Link: SQL Injection
Info!
There are many ways to exploit SQL injection and we will see different examples in the challenge section