Ethical Hacking: SQL Injection

Learn about the SQL command language and SQL injections. Examine SQL injections in MySQL, SQL Server, and Oracle XE, and discover how attackers defeat web application firewalls.

Introduction

• Understanding how SQL injections work
• What you should know
• Disclaimer

1. SQL Basics

• Starting with SQL
• Creating a MySQL database
• Using SQL
• Finding the SQL password

2. Testing for SQL Injections

• Checking out the Security Shepherd
• Injecting Mutillidae
• Deep diving the target with SQLi
• Cracking the MySQL hash
• Injecting Microsoft SQL Server
• Injecting Oracle SQL Server

3. Automating SQL Injection Exploits

• Inferring TRUE when blind
• Using prepared SQL queries
• Getting our first sqlmap injection
• Sanitizing input to SQL
• Inserting an SQL injection via Burp Suite
• Following up with a second injection
• Defeating the WAF
• Navigating a complex injection
• Using request messages to inject SQL
• Checking out SQLI Labs

Conclusion

• What's next?