Autoplay
Autocomplete
Previous Lesson
Complete and Continue
SQL Injection
Introduction
Course Introduction (2:19)
Course Slides and Scripts
Getting Help
Answering Your Questions (3:11)
Join the Discord Server
SQL Injection - Technical Deep Dive
Agenda (1:28)
What is SQL Injection (29:42)
How to Find SQL Injection Vulnerabilities (12:09)
How to Exploit SQL Injection Vulnerabilities (12:38)
How to Prevent SQL Injection Vulnerabilities (8:56)
Additional Resources (0:43)
Lab Environment Setup
Lab Environment Setup (7:21)
Step-by-Step Guide
Hands-On SQL Injection Labs
Lab #1 SQL injection vulnerability in WHERE clause allowing retrieval of hidden data (29:06)
Lab #2 SQL injection vulnerability allowing login bypass (33:17)
Lab #3 SQLi UNION attack determining the number of columns returned by the query (33:59)
Lab #4 SQL injection UNION attack, finding a column containing text (29:08)
Lab #5 SQL injection UNION attack, retrieving data from other tables (24:45)
Lab #6 SQL injection UNION attack, retrieving multiple values in a single column (29:24)
Lab #7 SQL injection attack, querying the database type and version on Oracle (26:50)
Lab #8 SQLi attack, querying the database type and version on MySQL & Microsoft (22:16)
Lab #9 SQL injection attack, listing the database contents on non Oracle databases (45:18)
Lab #10 SQL injection attack, listing the database contents on Oracle (40:24)
Lab #11 Blind SQL injection with conditional responses (48:38)
Lab #12 Blind SQL injection with conditional errors (44:58)
Lab #13 Blind SQL injection with time delays (19:08)
Lab #14 Blind SQL injection with time delays and information retrieval (35:37)
Note - Changes to Burp Collaborator
Lab #15 Blind SQL injection with out-of-band interaction (10:19)
Lab #16 Blind SQL injection with out of band data exfiltration (8:17)
Lab #17 SQL injection with filter bypass via XML encoding (7:14)
Lab #18 Visible error-based SQL injection (14:46)
Thank You!
Thank You!
Step-by-Step Guide
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock