SQL injection

What is SQL injection? 0 of 1

What is SQL injection (SQLi)? Get started

How to detect SQL injection vulnerabilities 0 of 2

How to detect SQL injection vulnerabilities

SQL injection in different parts of the query

Retrieving hidden data 0 of 3

Retrieving hidden data

Retrieving hidden data - Continued

Lab: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data APPRENTICE

Subverting application logic 0 of 2

Subverting application logic

Lab: SQL injection vulnerability allowing login bypass APPRENTICE

SQL injection UNION attacks 0 of 2

SQL injection UNION attacks

SQL injection UNION attacks - Continued

Determining the number of columns required 0 of 4

Determining the number of columns required

Determining the number of columns required - Continued

Lab: SQL injection UNION attack, determining the number of columns returned by the query PRACTITIONER

Database-specific syntax

Finding columns with a useful data type 0 of 2

Finding columns with a useful data type

Lab: SQL injection UNION attack, finding a column containing text PRACTITIONER

Using a SQL injection UNION attack to retrieve interesting data 0 of 2

Using a SQL injection UNION attack to retrieve interesting data

Lab: SQL injection UNION attack, retrieving data from other tables PRACTITIONER

Retrieving multiple values within a single column 0 of 2

Retrieving multiple values within a single column

Lab: SQL injection UNION attack, retrieving multiple values in a single column PRACTITIONER

Examining the database 0 of 5

Examining the database in SQL injection attacks

Querying the database type and version

Lab: SQL injection attack, querying the database type and version on MySQL and Microsoft PRACTITIONER

Listing the contents of the database

Lab: SQL injection attack, listing the database contents on non-Oracle databases PRACTITIONER

Blind SQL injection 0 of 2

Blind SQL injection

What is blind SQL injection?

Exploiting blind SQL injection by triggering conditional responses 0 of 4

Exploiting blind SQL injection by triggering conditional responses

Exploiting blind SQL injection by triggering conditional responses - Continued

Lab: Blind SQL injection with conditional responses PRACTITIONER

Error-based SQL injection 0 of 7

Error-based SQL injection

Exploiting blind SQL injection by triggering conditional errors

Exploiting blind SQL injection by triggering conditional errors - Continued

Lab: Blind SQL injection with conditional errors PRACTITIONER

Extracting sensitive data via verbose SQL error messages

Extracting sensitive data via verbose SQL error messages - Continued

Lab: Visible error-based SQL injection PRACTITIONER

Exploiting blind SQL injection by triggering time delays 0 of 3

Exploiting blind SQL injection by triggering time delays

Exploiting blind SQL injection by triggering time delays - Continued

Lab: Blind SQL injection with time delays and information retrieval PRACTITIONER

Exploiting blind SQL injection using out-of-band (OAST) techniques 0 of 5

Exploiting blind SQL injection using out-of-band (OAST) techniques

Exploiting blind SQL injection using out-of-band (OAST) techniques - Continued

Lab: Blind SQL injection with out-of-band interaction PRACTITIONER

Exploiting blind SQL injection using out-of-band (OAST) techniques - Continued

Lab: Blind SQL injection with out-of-band data exfiltration PRACTITIONER

SQL injection in different contexts 0 of 2

SQL injection in different contexts

Lab: SQL injection with filter bypass via XML encoding PRACTITIONER

Second-order SQL injection 0 of 1

Second-order SQL injection

How to prevent SQL injection 0 of 2

How to prevent SQL injection

How to prevent SQL injection - Continued

Contents

Get started: What is SQL injection (SQLi)?