Burp Suite/SQL Injection - charlesreid1

From charlesreid1

Revision as of 16:11, 21 May 2023 by Unknown user (talk) (→‎Burp Suite Training Labs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

This page covers how to perform SQL Injection attacks with Burp Suite.

Burp Suite Training Labs

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
https://www.youtube.com/watch?v=alTceRdSxS0
lab doesn't require burp suite, just tinkering with URL parameters

Lab: SQL injection vulnerability allowing login bypass

https://portswigger.net/web-security/sql-injection/lab-login-bypass
https://www.youtube.com/watch?v=ML3aGaloczI
lab doesn't require burp suite, just feeding SQL queries into login form
guessing SELECT firstname FROM users WHERE username='admin' AND password='admin'

Retrieved from "https://charlesreid1.com/w/index.php?title=Burp_Suite/SQL_Injection&oldid=29584"