Welcome
  • 👋Welcome!
  • 🔍About Me
  • 🔨Projects
    • Aircrack-ng
    • SQL Injection
    • Data Exfiltration
    • Persistence
    • Lateral Movement
    • Pico Ducky
    • Useful Commands
      • Windows
      • Linux
    • Reverse Shell
    • Metasploit
    • Useful commands for website hacking
    • Web Status Code Guides
    • Zaid Website Hacking Course Notes
    • Security+ Notes
  • Try Hack Me
  • Hack The Box
    • Support
  • Hacker One
  • 👶Freshman
    • System 140
      • Tech Glossary
      • Week 1
        • Connecting to Cyber.Local
        • Number Systems Journal 1
      • Week 2
        • SYS 140 Lab 1
        • Chapter 3 A+
        • johnson_homework1
      • Week 3
        • Derek Johnson Lab3
        • System Fundementals Hw #2
        • Derek Johnson w3 journal
      • Week 4
        • Derek Johnson RAM Lab
        • Notes
        • SYS140_Chapter7_lab
      • Week 5
        • Tech Journal
        • SYS140_Chapter7_lab
      • Week 6
        • Lab #5: PC Purchase
        • Tech Journal Week 6
      • Week 7
        • Rainmeter Lab
      • Week 8
        • Week 8 Journal
      • Week 9
        • Homework #5: I/O Research Questions
        • Accessibility Lab
        • Chapter 13 Journal
      • Week 10
        • Homework #6 Chap. 15 Commands
        • NetworkToolsLab
        • Lab 2
      • Week 11
        • Lab 9a Scripting Practice
        • Lab 9b Scripting Practice
      • Week 12
        • Week 12 Journal
      • Week 13
        • Lab 10b Linux Command Line Programs
        • Sysinternals
        • Information Literacy Integration_21
      • Week 14
        • 11/28/2022 Notes
        • Automatic Updating
        • Lab Guide on Windows 10 dd
      • Week 15
        • DF Lab_SYS140wk15
    • Security 110
      • Tech Glossary
      • Week 1
        • Professional Document Template
      • Week 2
        • Deploy a Virtual Machine
      • Week 3
        • UDP Scan Lab
      • Week 4
        • TCP Scan Lab
      • Week 5
        • Google Hacking
      • Week 6
        • Data Security Principles - Information States
        • Osint Findings
        • Security Goals
      • Week 7
        • Data Security Principles
          • SEC 110_Assignment_3 1
      • Week 8
        • Wireshark Lab
      • Week 9
      • Week 10
        • Crypto Scheme
        • 1 Caesar Cipher Activity
        • Encryption in Transit Lab
      • Week 11
      • Week 12
        • 2 Digital Certificates
        • 1_ Hash Functions Lab
        • 1_ MCRYPT
      • Week 13
        • 2_ HASHING ACTIVITY
        • Public Key Encryption
        • Public Key Encryption Part 2
      • Week 14
        • 3 Password Audits
      • Week 15
        • 2_ Digital Signatures
        • Web Security Research
    • Network 150
      • Week 1
        • johnson lab1.1 01 20 23
      • Week 2
        • Journal-Notes-01-24-23
        • Intro to Packet Tracer
        • 01 25 23 IntroToPacketTracer Johnson
      • Week 3
        • johnson-01-27-23-ObservingLan
      • Week 4
        • Johnson 3.2 02 05 23
        • Lab 3.2 notes
        • 1 johnson 02 05 23
      • Week 5
        • Lab 4-1: ARP Packet Tracer Lab
        • Lab 4-2
        • Lab-4-2-submission
        • Lab 4-3
        • 3 Johnson
        • Lab 5-1
        • Week 11
          • Dynamic Routing
      • Week 8
        • Lab 7.1 deliverable
        • Lab 7.1 Notes
      • Week 12
        • Rip-Lab-10.1
        • 10-1 Lab Johnson
        • 10-2-Johnson
      • Week 13
        • Lab 11-1 VLANs in Packet Tracer Johnson
      • Week 14
        • Lab-12-2-Johnson
        • Lab Notes
      • Lab-14-1-Johnson
    • Security 250
      • Week 1
        • Week 1: Lab Attack Simulation
        • Week 1a: Legal Analysis
      • Week 2
      • Week 3
      • Week 4
        • johnson 3bLab phishingquiz
      • Week 5
        • Steganography sec250 FA 2022 (1)
        • Shell lab SP17 DBGrevised (1)
        • Notes
      • Week 6
        • Vulnerability Information Gathering Johnson
        • Mid Term Notes
      • Week 11
        • NMAP Lab Commands
      • Week 12
        • Open VPN Lab
  • 🧒Sophomore
  • 🧑‍🦱Junior
  • 🧓Senior
  • 📧Contact
    • Links
Powered by GitBook
On this page
  • Tutorial Video
  • Requirements
  • Step 1: Try a commonly used username and password.
  • Step 2: testing sql syntax
  • Step 3: Changing the sql code
  1. Projects

SQL Injection

PreviousAircrack-ngNextData Exfiltration

Last updated 2 years ago

Tutorial Video

Requirements

  • Computer

  • Internet access

  • Proxy (if you want to stay anonymous)

Step 1: Try a commonly used username and password.

username: admin password: password123

This not surprisingly didn't work and returned the following message.

Step 2: testing sql syntax

In this step we want to test the sql syntax to see if it is possible to alter how the code executes on the database side.

username: admin' password: password123

As we can see adding a ' to the end of our username caused a syntax error confirming that we can alter the sql code and how it is executed.

Step 3: Changing the sql code

With the sql injection, we want to try and alter the sql code to only require a username to return true and authenticate us as the admin user.

username: admin'-- password: password123

After entering this injection you should be logged in to the website as admin. What the additional '-- does is comments out the rest of our sql code.

🔨