Revision as of 20:44, 21 May 2023

This page covers how to perform SQL Injection attacks with Burp Suite.

Burp Suite Training

Main article: SQL Injection

Lab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab 2: SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/sql-injection/lab-login-bypass
https://www.youtube.com/watch?v=ML3aGaloczI
lab doesn't require burp suite, just feeding SQL queries into login form
guessing SELECT firstname FROM users WHERE username='admin' AND password='admin'
single quotes raising internal errors are a sign of SQL Injection vulnerability
if at first you don't succeed, try, try again: admin, administrator, etc etc etc
https://www.youtube.com/watch?v=fMPvCyD2v4w
This is another version of the same lab, but using the Python requests library

Main article: SQL Injection/UNION Attack

Lab 3: SQL injection UNION attack, determining the number of columns returned by the query

Lab 4: SQL injection UNION attack, finding a column containing text

Lab 5: SQL injection UNION attack, retrieving data from other tables

Lab 6: SQL injection UNION attack, retrieving multiple values in a single column

Lab 7: SQL injection attack, querying the database type and version on Oracle

Lab 8: SQL injection attack, querying the database type and version on MySQL and Microsoft

Lab 9: SQL injection attack, listing the database contents on non-Oracle databases

Lab 10: SQL injection attack, listing the database contents on Oracle

Main article: SQL Injection/Blind SQL Injection
Main article: SQL Injection/Blind

Lab 11: Blind SQL injection with conditional responses

@@ Line 64: / Line 64: @@
 ==Blind SQL Injection==
+{{Main|SQL Injection/Blind SQL Injection}}
+{{Main|SQL Injection/Blind}}
 https://portswigger.net/web-security/sql-injection/blind