This page contains notes on how to use Burp Suite to perform SQL injection attacks.

Basics

Hidden Data Attacks

Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data

UNION Attacks

Examining Databases

Resources

Links

Port Swigger Burp Suite training material:

• What is SQL injection? https://portswigger.net/web-security/sql-injection
• SQL injection union attacks: https://portswigger.net/web-security/sql-injection/union-attacks
• Examining the database: https://portswigger.net/web-security/sql-injection/examining-the-database
• Blind SQL injection: https://portswigger.net/web-security/sql-injection/blind
• Cheat sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet