Burp Suite/SQL Injection - charlesreid1

From charlesreid1

Revision as of 16:13, 21 May 2023 by Unknown user (talk) (→‎Burp Suite Training Labs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page covers how to perform SQL Injection attacks with Burp Suite.

Burp Suite Training Labs

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
https://www.youtube.com/watch?v=alTceRdSxS0
lab doesn't require burp suite, just tinkering with URL parameters
single quotes raising internal errors are a sign of SQL Injection vulnerability

Lab: SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/sql-injection/lab-login-bypass
https://www.youtube.com/watch?v=ML3aGaloczI
lab doesn't require burp suite, just feeding SQL queries into login form
guessing SELECT firstname FROM users WHERE username='admin' AND password='admin'
single quotes raising internal errors are a sign of SQL Injection vulnerability
not taking failure as an option: admin, administrator, etc etc etc

Retrieved from "https://charlesreid1.com/w/index.php?title=Burp_Suite/SQL_Injection&oldid=29586"