SQL Injections (SQLi)

In this lab, you will learn how to perform a SQL Injection attack (SQLi) password bypass attack. You will also get an understanding of what is SQLi, how it works, why SQLi happens, and how to mitigate SQLi attacks.

outcomes

In this lab, you will learn to:

Perform an SQL injection password bypass attack.
Analyze why it happens and how to mitigate against it.

Videos:

Before you start this lab, review these videos.

SQLi Password Bypass

Analysis of the Vulnerability

Mitigating the Attack

Overview

The development of this document is funded by the Boston Area Advanced Technological Education Connections (BATEC) Grant No. NSF-0703097 thru Bunker Hill Community College.

An SQL injection (SQLi) is the process of injecting unauthorized characters into SQL query statement in order to alter a response. In this lab, we will demonstrate three phases of security (exploitation, analysis, and mitigation) in order to get a better understanding of why SQLi occur and how they can potentially be stopped.

SQL Injection

Courses

Pentesting and Understanding Vulnerabilities - Skill Labs

Key terms and descriptions

SQL injection (SQLi)

SQL injection is a type of attack in which an attacker can execute arbitrary SQL commands on a vulnerable web application.