Mastering SQL injection
How experts look for SQL injection vulnerabilities
“Hello, my name is ' or 1=1 #”
Taught by: Peter Zsiros
Length: 20+ hours
Do you want to know SQL injection inside out?
Though SQL injection is not a new hacking technique, it still remains an alarming threat to a great proportion of web applications, so every good ethical hackers should know it in depth.
The main goal of this training is to guide you through the penetration testing of web applications that use databases, from basic to expert level. You will get in-depth coverage of all the techniques, not just the basics found everywhere on the internet. In addition to learning the usage of the most popular and usable automated tools, you will also learn to manually test the applications so you understand the vulnerabilities and the techniques to take advantage of them.
You will learn how to find error based, union based and blind SQL injection vulnerabilities, how to fetch data from the database, how to evade filters and web application firewalls, how to fetch files from the operating system or write files out with the help of SQL injection.
Join our course today and start learning SQL injection in a profound way.
Other hacking courses from the same trainer, Peter Zsiros.
For penetration testers who need to know and understand SQL injection techniques in depth and what happens under the hood when using automated tools for web application testing. Also recommended for system and security administrators who need to administer and defend web applications and systems. It can be useful for web application developers to get to know the techniques hackers use to attack their web applications.
Basic knowledge in networking and HTML, understand and write SQL queries.
- 50GB of free hard drive
- Virtualization software (e.g.: VirtualBox, VMware)
You will be able to test web applications against SQL injections with and without automated tools. The in-depth knowledge you acquire during the course will enable you to stand out from the masses as a real ethical hacker, instead of just using automated tools without understanding what is happening.
Curriculum and videos
Start the course for free! No credit card needed.
Section 1 - Setup and bypassing basic login screen
First we create an environment to test SQL injections. (For this you can download the virtual machine and the ISO image from http://www.duckademy.com/downloads.) After that you will learn how to bypass a basic login screen and variations of a basic login screen using manual SQL injection, sqlmap and Burp Suite.
- Virtual lab and downloads info.pdf 1 page
- SQL injection.iso ISO image, 1GB
- Sample code.7z for all the course exercises, 6KB
- Test cases 1-18.7z 3KB
- Queries.zip 5KB
- Video 1 - Setting up the environment.mp4 7:29, 21MB
- Video 2 - Bypassing basic login screen.mp4 1:14:50, 245MB
- Video 2 - SQL statements.txt 11KB
Section 2 - Bypassing basic login screen (cont.)
In this sectipn you will learn how to bypass a basic login screen and variations of a basic login screen that use widely used filtering techniques with the help of sqlmap and Burp Suite. You will also learn how to bypass a basic login screen and variations of a basic login screen that use numeric only fields.
- SQL injection training book.pdf step-by-step manual, 222 pages, 11MB
- Video 3 - User side filtering and apostrophe filtering bypass.mp4 33:57, 92MB
- Video 4 - Bypassing server side row counting and white space filtering.mp4 37:53, 112MB
- Video 5 - Bypassing a basic login screen with numeric fields.mp4 41:12, 125MB
Section 3 - Retrieving database metadata using SQL injection
First we will show you how to retrieve metadata such as database names, table names and column names by using SQL injection. After that you will learn how to retrieve metadata by using SQL injection when common filtering methods (user side filtering, apostrophe filtering, server side row counting and white space filtering) and numeric only fields are used.
- Video 6 - Retrieve database properties using SQL injection through a basic login screen.mp4 45:51, 90MB
- Video 7 - Retrieve database properties ... user side filtering and apostrophe filtering.mp4 01:07:45, 162MB
- Video 8 - Retrieve database properties ... server side row counting and white space filtering.mp4 57:36, 129MB
- Video 9 - Retrieve database properties ... with numeric fields.mp4 1:03:13, 129MB
Section 4 - Using blind SQL injection
Blind SQL Injection is a form of SQL Injection that overcomes the lack of error messages. In this section you will learn how to retrieve arbitrary data with the use of blind SQL injection techniques. We will examine their usage when common filtering techniques such as white space filtering and row checking are used. We will also test these techniques when the input field is numeric only.
- Video 10/1 - Using blind SQL injection to get arbitrary data_Part 1.mp4 41:21, 90MB
- Video 10/2 - Using blind SQL injection to get arbitrary data_Part 2.mp4 46:29, 117MB
- Video 11 - Using blind SQL injection ... if brackets are used.mp4 58:14, 138MB
- Video 12 - Retrieving arbitrary data ... user side filtering is used.mp4 53:19, 120MB
- Video 13 - ... apostrophes are not allowed or server side row checking is applied.mp4 52:49, 116MB
- Video 14 - ... server side row checking is applied or white spaces are disabled.mp4 48:26, 99MB
- Video 15 - ... if numeric fields and basic regexp number tests are used.mp4 45:11, 108MB
- Video 16 - ... in the case of numeric fields with regexp filters.mp4 54:36, 109MB
Section 5 - Error based SQL injection
Error based SQL injection takes advantage of poor error handling in an application. Learn how to retrieve arbitrary data with the use of error based SQL injection techniques. In this section you will get an introduction to error based SQL injection through a basic login screen.
Section 6 - Error based SQL injection (cont.)
In this section you will learn how to retrieve arbitrary data with the use of error based SQL injection techniques when common filtering techniques such as white space filtering and row checking are used. We will also examine these techniques when the input field is numeric only.
Section 7 - Other useful SQL injection possibilities
In this section first you will learn how to attack and retrieve arbitrary data by taking advantage of vulnerabilities in the ORDER BY and GROUP BY clauses and the INSERT statement. After that we will examine how to retrieve arbitrary data in several ways with the help of "UNION", even when filtering is used. Finally you will learn how to read content from and write to arbitrary files using SQL injection.
Bonus section 1 - Webapp defense with ModSecurity
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. In this section we will examine how we can defend against the previously introduced SQL injection attacks with ModSecurity, which is one of the most widely spread web application firewall.
- Bonus video 1 - Webapp defense with ModSecurity.mp4 31:38, 113MB
Bonus section 2 - How to defend databases from SQL injection
HexaTier (formerly GreenSQL) is an open source database firewall used to protect databases against SQL injection attacks. In this section we will show you a way to eliminate the earlier introduced SQL injection attacks with this database firewall.