SQL Injection
What is SQL injection (SQLi)?
How to detect SQL injection vulnerabilities
Weird behavior
SQL injection in different parts of the query
Retrieving hidden data
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
Subverting application logic
Lab: SQL injection vulnerability allowing login bypass
SQL injection UNION attacks
Determining the number of columns required
Lab: SQL injection UNION attack, determining the number of columns returned by the query
Database-specific syntax
Finding columns with a useful data type
Lab: SQL injection UNION attack, finding a column containing text
Using a SQL injection UNION attack to retrieve interesting data
Lab: SQL injection UNION attack, retrieving data from other tables
Retrieving multiple values within a single column
Lab: SQL injection UNION attack, retrieving multiple values in a single column
Union SQLi Main Ideas Handwritten
Examining the database in SQL injection attacks
Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft
Listing the contents of the database
Lab: SQL injection attack, listing the database contents on non-Oracle databases
SQL injection in different contexts
Lab: SQL injection with filter bypass via XML encoding
Bug Bounty
Blind SQL injection
Exploiting blind SQL injection by triggering conditional responses
Lab: Blind SQL injection with conditional responses
Blind SQLi main ideas handwritten
Error-based SQL injection
Exploiting blind SQL injection by triggering conditional errors
Lab: Blind SQL injection with conditional errors
Extracting sensitive data via verbose SQL error messages
Lab: Visible error-based SQL injection
Exploiting blind SQL injection by triggering time delays
Lab: Blind SQL injection with time delays and information retrieval
Exploiting blind SQL injection using out-of-band (OAST) techniques
Exploiting blind SQL injection using out-of-band (OAST) techniques - Continued
Second-order SQL injection
How to prevent SQL injection
Blind SQLi Main Commands
Logical Operators
THM