Introduction
We covered the types of SQL injection vulnerability namely error based, time based, blined and boolean based SQL injection. We used TryHackMe Junior Penetration Tester pathway.
SQL (Structured Query Language) Injection, mostly referred to as SQLi, is an attack on a web application database server that causes malicious queries to be executed. When a web application communicates with a database using input from a user that hasn’t been properly validated, there runs the potential of an attacker being able to steal, delete or alter private and customer data and also attack the web applications authentication methods to private or customer areas. This is why as well as SQLi being one of the oldest web application vulnerabilities, it also can be the most damaging.
Challenge Questions and Answers
What is the name of the grid-like structure which holds the data?
What SQL clause can be used to retrieve data from multiple tables?
What SQL statement is used to add data?
Video Walk-through