Introduction

We covered the types of SQL injection vulnerability, namely error-based, time-based, blind and boolean-based SQL injection, following the TryHackMe Junior Penetration Tester pathway.

SQL (Structured Query Language) Injection, mostly referred to as SQLi, is an attack on a web application's database server that causes malicious queries to be executed. When a web application builds a database query from user input that hasn't been properly validated, an attacker may be able to steal, delete or alter private and customer data, and also attack the web application's authentication methods to reach private or customer areas. This is why SQLi, as well as being one of the oldest web application vulnerabilities, can also be one of the most damaging.
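The root cause described above is user input being spliced into the SQL text itself. The following added example (not code from the original walkthrough or from TryHackMe) builds a small in-memory SQLite table and compares a string-concatenated lookup with a parameterised one, using the same quote-containing input for both. The table, usernames and the `lookup_vulnerable` / `lookup_safe` function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample database (not from the page): two users with a secret each."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, secret) VALUES (?, ?)",
        [("alice", "alice-private"), ("bob", "bob-private")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Vulnerable form: the input is pasted into the query text, so any quote or
    comment sequence in it changes the meaning of the statement."""
    query = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn, username):
    """Hardened form: the input is bound as a parameter. The database treats it as
    a value to compare against, never as SQL syntax."""
    query = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(query, (username,))]


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR 1=1 --"  # constructed input: a quote, a tautology, a comment marker
    print("vulnerable:", lookup_vulnerable(db, probe))  # every user is returned
    print("safe:      ", lookup_safe(db, probe))        # no user has that literal name
```

The vulnerable query becomes `... WHERE username = 'x' OR 1=1 --'`, so the `OR 1=1` matches every row and `--` comments out the dangling quote. The parameterised query compares the column against the literal string `x' OR 1=1 --` and returns nothing. Parameter binding, not input filtering, is the fix to reach for first.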

Challenge Questions and Answers

What is the acronym for the software that controls a database?

What is the name of the grid-like structure which holds the data?

What SQL statement is used to retrieve data?

What SQL clause can be used to retrieve data from multiple tables?

What SQL statement is used to add data?

What character signifies the end of an SQL query?

What is the flag after completing level 1?

What is the flag after completing level two? (and moving to level 3)

What is the flag after completing level three?

What is the final flag after completing level four?

Name a protocol beginning with D that can be used to exfiltrate data from a database.

Video Walk-through


About the Author

Cybersecurity trainer with an MS in Cybersecurity. Expertise in the healthcare and finance industries. Penetration tester and compliance auditor.
