Solving SQL Injection Labs from PortSwigger

SQL Injection

Follow us for updates in the meantime.


BASIC SQL INJECTION ATTACKS


Lab 1 : SQL Injection Vulnerability in WHERE clause allowing retrieval of hidden data.

Lab 2 : SQL injection vulnerability allowing login bypass


SQL INJECTION UNION ATTACKS


Lab 3 : SQL injection UNION attack, determining the number of columns returned by the query

Lab 4 : SQL injection UNION attack, finding a column containing text

Lab 5 : SQL injection UNION attack, retrieving data from other tables

Lab 6 : SQL injection UNION attack, retrieving multiple values in a single column

Lab 7 : SQL injection attack, querying the database type and version on Oracle

Lab 8 : SQL injection attack, querying the database type and version on MySQL and Microsoft

Lab 9 : SQL injection attack, listing the database contents on non-Oracle databases

Lab 10 : SQL injection attack, listing the database contents on Oracle


BLIND SQL INJECTION ATTACKS


Lab 11 : Blind SQL injection with conditional responses

Lab 12 : Blind SQL injection with conditional errors

Lab 13 : Blind SQL injection with time delays

Lab 14 : Blind SQL injection with time delays and information retrieval

Lab 15 : Blind SQL injection with out-of-band interaction

Lab 16 : Blind SQL injection with out-of-band data exfiltration

Lab 17 : SQL injection with filter bypass via XML encoding


Additional references that are helpful for understanding the techniques used in solving the above labs.


Ref 1 : String Concatenations
