Burp Suite/SQL Injection: Difference between revisions
From charlesreid1
| Line 12: | Line 12: | ||
* https://www.youtube.com/watch?v=ML3aGaloczI | * https://www.youtube.com/watch?v=ML3aGaloczI | ||
* lab doesn't require burp suite, just feeding SQL queries into login form | * lab doesn't require burp suite, just feeding SQL queries into login form | ||
* guessing SELECT firstname FROM users WHERE username='admin' AND password='admin' | * guessing <code>SELECT firstname FROM users WHERE username='admin' AND password='admin'</code> | ||
* | * | ||
Revision as of 16:11, 21 May 2023
This page covers how to perform SQL Injection attacks with Burp Suite.
Burp Suite Training Labs
Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
- https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
- https://www.youtube.com/watch?v=alTceRdSxS0
- lab doesn't require burp suite, just tinkering with URL parameters
Lab: SQL injection vulnerability allowing login bypass
- https://portswigger.net/web-security/sql-injection/lab-login-bypass
- https://www.youtube.com/watch?v=ML3aGaloczI
- lab doesn't require burp suite, just feeding SQL queries into login form
- guessing
SELECT firstname FROM users WHERE username='admin' AND password='admin'