SQL Injection Basics

Read this: https://ctf101.org/web-exploitation/sql-injection/what-is-sql-injection/

  1. What is SQL injection? What is a database injection other than SQL?
  2. What are the different types of SQL injection?

As a helpful hint, 95% of SQL injects in basic challenges are as simple as pasting ' OR '1'='1 after a username or password. Truly wonderful.

In advanced challenges, SQL injects can be incredibly complicated and take days to figure out how to exploit after you initially identify that the site is vulnerable.

Relevant XKCD: https://xkcd.com/327/

Databases

If you want to learn databases... don't. For now, just know that when we need to store information, most of the time the best way to do that is with a database that uses a structured query language (SQL). Here is a tutorial that does a good job of teaching the basics of this language if you ever want to get serious.

https://mystery.knightlab.com/walkthrough.html

SQL Challenges:

Do these and submit anything you struggled with:

1. https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data

2. https://portswigger.net/web-security/sql-injection/lab-login-bypass

Hoppers Roppers 2024            Date: 2024-02-25 22:05:39
