Research Academy
My account Customers About Blog Careers Legal Contact Resellers
Back to all learning paths
PRACTITIONER

SQL injection

This learning path teaches you how to find and exploit SQL injection, a classic vulnerability responsible for many high-profile data breaches. This path is suitable regardless of whether you're completely new to SQL injection or want to improve your existing knowledge and skills.

Contents

Resume now: Extracting sensitive data via verbose SQL error messages - Continued

37 of 51

RESUME LEARNING

What is SQL injection? 1 of 1

What is SQL injection (SQLi)?

How to detect SQL injection vulnerabilities 2 of 2

How to detect SQL injection vulnerabilities

SQL injection in different parts of the query

Retrieving hidden data 3 of 3

Retrieving hidden data

Retrieving hidden data - Continued

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data APPRENTICE

Subverting application logic 2 of 2

Subverting application logic

Lab: SQL injection vulnerability allowing login bypass APPRENTICE

SQL injection UNION attacks 2 of 2

SQL injection UNION attacks

SQL injection UNION attacks - Continued

Determining the number of columns required 4 of 4

Determining the number of columns required

Determining the number of columns required - Continued

Lab: SQL injection UNION attack, determining the number of columns returned by the query PRACTITIONER

Database-specific syntax

Finding columns with a useful data type 2 of 2

Finding columns with a useful data type

Lab: SQL injection UNION attack, finding a column containing text PRACTITIONER

Using a SQL injection UNION attack to retrieve interesting data 2 of 2

Using a SQL injection UNION attack to retrieve interesting data

Lab: SQL injection UNION attack, retrieving data from other tables PRACTITIONER

Retrieving multiple values within a single column 2 of 2

Retrieving multiple values within a single column

Lab: SQL injection UNION attack, retrieving multiple values in a single column PRACTITIONER

Examining the database 5 of 5

Examining the database in SQL injection attacks

Querying the database type and version

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft PRACTITIONER

Listing the contents of the database

Lab: SQL injection attack, listing the database contents on non-Oracle databases PRACTITIONER

Blind SQL injection 2 of 2

Blind SQL injection

What is blind SQL injection?

Exploiting blind SQL injection by triggering conditional responses 4 of 4

Exploiting blind SQL injection by triggering conditional responses

Exploiting blind SQL injection by triggering conditional responses - Continued

Exploiting blind SQL injection by triggering conditional responses - Continued

Lab: Blind SQL injection with conditional responses PRACTITIONER

Error-based SQL injection 6 of 7

Error-based SQL injection

Exploiting blind SQL injection by triggering conditional errors

Exploiting blind SQL injection by triggering conditional errors - Continued

Lab: Blind SQL injection with conditional errors PRACTITIONER

Extracting sensitive data via verbose SQL error messages

Extracting sensitive data via verbose SQL error messages - Continued Resume

Lab: Visible error-based SQL injection PRACTITIONER

Exploiting blind SQL injection by triggering time delays 0 of 3

Exploiting blind SQL injection by triggering time delays

Exploiting blind SQL injection by triggering time delays - Continued

Lab: Blind SQL injection with time delays and information retrieval PRACTITIONER

Exploiting blind SQL injection using out-of-band (OAST) techniques 0 of 5

Exploiting blind SQL injection using out-of-band (OAST) techniques

Exploiting blind SQL injection using out-of-band (OAST) techniques - Continued

Lab: Blind SQL injection with out-of-band interaction PRACTITIONER

Exploiting blind SQL injection using out-of-band (OAST) techniques - Continued

Lab: Blind SQL injection with out-of-band data exfiltration PRACTITIONER

SQL injection in different contexts 0 of 2

SQL injection in different contexts

Lab: SQL injection with filter bypass via XML encoding PRACTITIONER

Second-order SQL injection 0 of 1

Second-order SQL injection

How to prevent SQL injection 0 of 2

How to prevent SQL injection

How to prevent SQL injection - Continued