This page covers how to perform SQL Injection attacks with Burp Suite.

Burp Suite Training

SQL Injection Labs

https://portswigger.net/web-security/sql-injection

Lab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data

• https://portswigger.net/web-security/sql-injection/lab-retrieve-hidden-data
• https://www.youtube.com/watch?v=alTceRdSxS0
• lab doesn't require burp suite, just tinkering with URL parameters
• single quotes raising internal errors are a sign of SQL Injection vulnerability

Lab 2: SQL injection vulnerability allowing login bypass

• https://portswigger.net/web-security/sql-injection/lab-login-bypass
• https://www.youtube.com/watch?v=ML3aGaloczI
• lab doesn't require burp suite, just feeding SQL queries into login form
• guessing SELECT firstname FROM users WHERE username='admin' AND password='admin'
• single quotes raising internal errors are a sign of SQL Injection vulnerability
• if at first you don't succeed, try, try again: admin, administrator, etc etc etc
• https://www.youtube.com/watch?v=fMPvCyD2v4w
• This is another version of the same lab, but using the Python requests library

SQL Injection UNION Attacks

https://portswigger.net/web-security/sql-injection/union-attacks

Lab 3: SQL injection UNION attack, determining the number of columns returned by the query

• https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns
• this page covers a ton of information: SQL Injection/UNION Attack
• guide: https://www.youtube.com/watch?v=umXGHbEyW5I

Lab 4: SQL injection UNION attack, finding a column containing text

• https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text
• guide: https://www.youtube.com/watch?v=SGBTC5D7DTs

Lab 5: SQL injection UNION attack, retrieving data from other tables

• https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-data-from-other-tables
• guide: https://www.youtube.com/watch?v=6Dsj5SqR944

Lab 6: SQL injection UNION attack, retrieving multiple values in a single column

• https://portswigger.net/web-security/sql-injection/union-attacks/lab-retrieve-multiple-values-in-single-column
• guide: https://www.youtube.com/watch?v=yRVYoqR9vrI

Examining the Database

Lab 7: SQL injection attack, querying the database type and version on Oracle

• https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-oracle

Lab 8: SQL injection attack, querying the database type and version on MySQL and Microsoft

• https://portswigger.net/web-security/sql-injection/examining-the-database/lab-querying-database-version-mysql-microsoft

Lab 9: SQL injection attack, listing the database contents on non-Oracle databases

• https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-non-oracle

Lab 10: SQL injection attack, listing the database contents on Oracle

• https://portswigger.net/web-security/sql-injection/examining-the-database/lab-listing-database-contents-oracle

Blind SQL Injection

https://portswigger.net/web-security/sql-injection/blind

Cheat Sheet

https://portswigger.net/web-security/sql-injection/cheat-sheet