
In this video, we cover Lab #1 in the SQL injection track of the Web Security Academy. This lab contains an SQL injection vulnerability in the product category filter. To solve the lab, we perform a SQL injection attack that causes the application to display details of all products in any category, both released and unreleased.
In this video, we cover Lab #2 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the login function. To solve the lab, we perform a SQL injection attack that bypasses authentication and allows us to log into the application as the administrator user.
In this video, we cover Lab #3 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product filter category field. This vulnerability can be exploited using a UNION attack to retrieve data from other tables. To solve the lab, we perform a SQL injection attack that determines the number of columns that are being returned by the query. This is the first step of a SQL injection UNION attack. We'll use this technique in subsequent labs to construct the full attack.
In this video, we cover Lab #4 in the SQL injection track of the Web Security Academy. This lab contains an SQL injection vulnerability in the product category filter. To solve the lab, we perform a SQL injection attack that returns an additional row containing the value provided. This technique helps us determine which columns are compatible with string data.
In this video, we cover Lab #5 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack that retrieves the usernames and passwords of the users of the application.
In this video, we cover Lab #6 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack that retrieves the usernames and passwords of the users of the application in a single column.
In this video, we cover Lab #7 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack that queries the database type and version on Oracle.
In this video, we cover Lab #8 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack that queries the database type and version on Microsoft and MySQL databases.
In this video, we cover Lab #9 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack on a PostgreSQL database that retrieves the usernames and passwords of all users of the application.
In this video, we cover Lab #10 in the SQL injection track of the Web Security Academy. This lab contains a SQL injection vulnerability in the product category field. To solve the lab, we perform a UNION-based SQL injection attack on an Oracle database that retrieves the usernames and passwords of all users of the application.
In this video, we cover Lab #11 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we perform a blind SQL injection attack on the database that retrieves the password of the administrator user on the application.
In this video, we cover Lab #12 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we perform a blind SQL injection attack on the database that retrieves the password of the administrator user on the application.
In this video, we cover Lab #13 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the time-based SQL injection vulnerability to cause a 10-second delay.
In this video, we cover Lab #14 in the SQL injection track of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the time-based SQL injection vulnerability and output the password of the administrator user.
In this video, we cover Lab #15 in the SQL injection module of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the SQL injection vulnerability to cause a DNS lookup to Burp Collaborator.
In this video, we cover Lab #16 in the SQL injection module of the Web Security Academy. This lab contains a blind SQL injection vulnerability. To solve the lab, we exploit the out-of-band SQL injection vulnerability to output the administrator password.
In this video, we cover Lab #17 in the SQL injection module of the Web Security Academy. This lab contains a SQL injection vulnerability in its stock check feature. The results from the query are returned in the application's response, so you can use a UNION attack to retrieve data from other tables.
The database contains a users table, which contains the usernames and passwords of registered users. To solve the lab, we perform a SQL injection attack to retrieve the admin user's credentials, then log in to their account.
In this video, we cover Lab #18 in the SQL injection module of the Web Security Academy. This lab contains a SQL injection vulnerability. The application uses a tracking cookie for analytics, and performs a SQL query containing the value of the submitted cookie. The results of the SQL query are not returned.
The database contains a different table called users, with columns called username and password. To solve the lab, find a way to leak the password for the administrator user, then log in to their account.
For the longest time, up until a few years ago, SQL injection ranked as the number one most critical security risk facing web applications. Although the vulnerability itself is simple to learn and exploit, it can lead to disastrous consequences that leave an organization open to severe risks such as sensitive information disclosure, authentication bypass and even remote code execution.
In this course, we dive into the technical details behind SQL injection vulnerabilities, the different types of SQL injection vulnerabilities, how to find them from both a black-box and a white-box perspective, and the different ways to exploit them. We also go through techniques to prevent and mitigate these types of vulnerabilities.
This is not your average course that just teaches you the basics of SQL injection. This course contains over 9 hours' worth of content that not only describes the technical details behind SQL injection vulnerabilities, but also contains 18 labs that give you hands-on experience exploiting real-world examples. The labs are of varying difficulty levels, starting with really simple examples and slowly moving up in difficulty.
If you're a penetration tester, application security specialist, bug bounty hunter, software developer, ethical hacker, or just anyone interested in web application security, this course is for you!