Burp Suite/SQL Injection: Difference between revisions
From charlesreid1
(Created page with "This page covers how to perform SQL Injection attacks with Burp Suite. ==Burp Suite Training Labs== Lab: SQL injection vulnerability in WHERE clause allowing retrieval o...") |
|||
| Line 3: | Line 3: | ||
==Burp Suite Training Labs== | ==Burp Suite Training Labs== | ||
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data | Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data | ||
* https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data | |||
* https://www.youtube.com/watch?v=alTceRdSxS0 | |||
* lab doesn't require burp suite, just tinkering with URL parameters | |||
Lab: SQL injection vulnerability allowing login bypass | |||
* | * https://portswigger.net/web-security/sql-injection/lab-login-bypass | ||
* https://www.youtube.com/watch?v=ML3aGaloczI | |||
* lab doesn't require burp suite, just feeding SQL queries into login form | |||
* guessing SELECT firstname FROM users WHERE username='admin' AND password='admin' | |||
* | |||
Revision as of 16:11, 21 May 2023
This page covers how to perform SQL Injection attacks with Burp Suite.
Burp Suite Training Labs
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
- https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
- https://www.youtube.com/watch?v=alTceRdSxS0
- lab doesn't require burp suite, just tinkering with URL parameters
Lab: SQL injection vulnerability allowing login bypass
- https://portswigger.net/web-security/sql-injection/lab-login-bypass
- https://www.youtube.com/watch?v=ML3aGaloczI
- lab doesn't require burp suite, just feeding SQL queries into login form
- guessing SELECT firstname FROM users WHERE username='admin' AND password='admin'