SQL Injection Fundamentals Medium
Databases are an important part of web application infrastructure and SQL (Structured Query Language) to store, retrieve, and manipulate information stored in them. SQL injection is a code injection technique used to take advantage of coding vulnerabilities and inject SQL queries via an application to bypass authentication, retrieve data from the back-end database, or achieve code execution on the underlying server.
Created by MinatoTW
Database Management systems offer faster storage and retrieval of data in comparison to traditional file storage. This makes them the medium of choice for storing data such as credentials, posts, and comments used by web applications. However, improperly implemented SQL logic can be dangerous and can lead to authentication bypass, information disclosure, remote code execution, and total server compromise.
Applications implement code to create SQL queries to interact with databases. These queries can incorporate user input, which may not be properly sanitized. This leads to the creation of queries that cause unintended actions other than what the developer expected.
This module aims to develop the skills necessary to identify and exploit SQL injection vulnerabilities, mainly for MySQL databases, and as an intro to all other types of SQL injections.
In this module, we will cover the following topics:
- Basics of databases and their different types
- Basics of SQL and MySQL
- Basic statements and operators in MySQL and how to use them
- What are SQL injections, and how can we use them
- Use SQL injections to subvert the web application logic and bypass authentication
- Use UNION SQL injections to dump data from different tables and databases within the DMBS
- Use SQL injections to read files of the back-end server
- Use SQL injections to write a web shell on the back-end server and gain remote control over it
- How to mitigate such SQL injections and patch your code
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Medium" but assumes a working knowledge of the Linux command line and an understanding of information security fundamentals.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Networking Fundamentals
- Linux Fundamentals
- Intro to web applications
- Web Requests
- Intro to Databases
- Types of Databases
- Intro to MySQL
- SQL Statements
- Query Results
- SQL Operators
- Intro to SQL Injections
- Subverting Query Logic
- Using Comments
- Union Clause
- Union Injection
- Database Enumeration
- Reading Files
- Writing Files
- Mitigating SQL Injection
- Skills Assessment - SQL Injection Fundamentals