
5️⃣ 5 - SQL Injection (SQLi)

SQL Injection

Topics

  1. DB & SQL Introduction
  2. SQL Injection (SQLi)
  3. In-Band SQL Injection
    1. Error-Based SQL Injection
    2. Union-Based SQLi
  4. Blind SQLi
    1. Boolean-Based SQLi
    2. Time-Based SQLi
  5. NoSQL
    1. MongoDB NoSQL Injection
  6. SQLMap
  7. Mitigation Strategies
SQLi

SQL Injection (SQLi) is an attack method that exploits the injection of SQL commands into a web application's SQL queries. A successful SQLi attack allows a malicious hacker to access and manipulate the backend database of a web application.

Web applications, ranging from complex systems to Content Management Systems (CMSs) and simple personal web pages, often utilize databases like MySQL, SQL Server, Oracle, PostgreSQL, and others to store data, user credentials, or statistics. System operators, programmers, applications, and web applications use Structured Query Language (SQL) to interact with these databases.

SQL, a powerful interpreted language, is used to extract and manipulate data from databases. Web applications embed SQL commands, known as queries, in their server-side code, with connectors serving as middleware between the web application and the database.

Before delving into attack techniques, understanding some SQL basics is essential. This includes knowledge of SQL statement syntax, query execution, union operations, the DISTINCT and ALL operators, and how comments function.

{% embed url="https://owasp.org/www-community/attacks/SQL_Injection" %}

Web Basics

{% content-ref url="https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/main-contents/14-hacking-web-apps" %} 14 - Hacking Web Apps {% endcontent-ref %}

{% content-ref url="https://app.gitbook.com/s/iS3hadq7jVFgSa8k5wRA/practical-ethical-hacker-notes/main-contents/15-sql-injection" %} 15 - SQL Injection {% endcontent-ref %}

Practise

🔬 There are many vulnerable testing web apps like:

DVWA

The Damn Vulnerable Web Application (DVWA) is a web application built with PHP and MySQL intentionally designed to be susceptible to security vulnerabilities. Its primary purpose is to serve as a resource for security professionals to assess their skills and tools within a legal context. Additionally, it aids web developers in gaining a deeper understanding of the processes involved in securing web applications and facilitates learning about web application security for both students and teachers in a controlled classroom setting.

DVWA is designed to provide a platform for practicing various common web vulnerabilities at different difficulty levels, all presented through a simple and user-friendly interface. It's important to note that the software deliberately contains both documented and undocumented vulnerabilities, encouraging users to explore and identify as many issues as possible.

{% embed url="https://github.com/digininja/DVWA" %} DVWA {% endembed %}

DVWA - My Writeups

{% content-ref url="https://app.gitbook.com/s/rRWtuMw6xkkeDjZfkcWC/dvwa" %} DVWA {% endcontent-ref %}

Theory and Lab platform

{% embed url="https://portswigger.net/web-security/all-labs" %} Web Burp Suite Security Academy {% endembed %}

❗ Disclaimer

  • Never use tools and techniques on real IP addresses, hosts or networks without proper authorization!