From charlesreid1

This page covers how to perform SQL Injection attacks with Burp Suite.

Burp Suite Training

SQL Injection Labs

https://portswigger.net/web-security/sql-injection

Lab 1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data


Lab 2: SQL injection vulnerability allowing login bypass

SQL Injection UNION Attacks

https://portswigger.net/web-security/sql-injection/union-attacks

Lab 3: SQL injection UNION attack, determining the number of columns returned by the query

Lab 4: SQL injection UNION attack, finding a column containing text

Lab 5: SQL injection UNION attack, retrieving data from other tables

Lab 6: SQL injection UNION attack, retrieving multiple values in a single column

Examining the Database

Lab 7: SQL injection attack, querying the database type and version on Oracle

Lab 8: SQL injection attack, querying the database type and version on MySQL and Microsoft

Lab 9: SQL injection attack, listing the database contents on non-Oracle databases

Lab 10: SQL injection attack, listing the database contents on Oracle

Blind SQL Injection

https://portswigger.net/web-security/sql-injection/blind

Lab 11: Blind SQL injection with conditional responses


Lab 12: Blind SQL injection with conditional errors

  • https://portswigger.net/web-security/sql-injection/blind/lab-conditional-errors
  • https://www.youtube.com/watch?v=_7w-KEP_K5w
  • this one takes a while, and is faster to do with the professional edition
  • visit a page, capture request, and tamper with the cookie tracking ID parameter (per exercise instructions)
  • step 1: prove parameter is vulnerable (sql injection is possible, but can we inject valid SQL?)
  • step 2: confirm there is a "users" table in the DB
  • step 3: confirm there is an administrator user in the users table
  • step 4: check the length of the password by modifying the same query
  • step 5: output admin password one character at a time
  • step 6: automate with cluster bomb type attack

SQL Injection with XML External Entities (XXE)

Lab 17: SQL injection with filter bypass via XML encoding

Cheat Sheet

https://portswigger.net/web-security/sql-injection/cheat-sheet