Revision as of 16:21, 21 May 2023

This page covers how to perform SQL injection attacks with Burp Suite.

Burp Suite Training

Main article: SQL Injection

Lab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

Lab 2: SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/sql-injection/lab-login-bypass
https://www.youtube.com/watch?v=ML3aGaloczI
lab doesn't require burp suite, just feeding SQL queries into login form
guessing SELECT firstname FROM users WHERE username='admin' AND password='admin'
single quotes raising internal errors are a sign of SQL Injection vulnerability
if at first you don't succeed, try, try again: admin, administrator, etc etc etc
https://www.youtube.com/watch?v=fMPvCyD2v4w
This is another version of the same lab, but using the Python requests library

Main article: SQL Injection/UNION Attack

Lab 3: SQL injection UNION attack, determining the number of columns returned by the query

@@ Line 1: / Line 1: @@
-This page covers how to perform [[SQL Injection]] attacks with Burp Suite.
+This page covers how to perform SQL injection attacks with Burp Suite.
-==Burp Suite Training Labs==
+=Burp Suite Training=
+==SQL Injection Labs==
+{{Main|SQL Injection}}
+https://portswigger.net/web-security/sql-injection
 Lab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data
@@ Line 19: / Line 25: @@
 * https://www.youtube.com/watch?v=fMPvCyD2v4w
 * This is another version of the same lab, but using the Python requests library
+==SQL Injection UNION Attacks==
+{{Main|SQL Injection/UNION Attack}}
+https://portswigger.net/web-security/sql-injection/union-attacks
+Lab 3: SQL injection UNION attack, determining the number of columns returned by the query
+* https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns
+* https://www.youtube.com/watch?v=umXGHbEyW5I
+*