SQL Injection

SQL Injection is an exploit technique used by an attacker to alter the queries made to an SQL database. This can be used to fetch or modify the content of a database. SQL injections are found when a user-supplied value is used incorrectly in an SQL query. While SQLi are mostly found in web applications, they can also be found in any other application that uses SQL.

Example

Imagine the following PHP code for a simple admin login.

We can see that the user-supplied pass is inserted directly inside the query. This bad practice makes the code vulnerable to SQL injection attacks.
This is what the actual query looks like after variable substitution:

Now let's look at what happens when we try to inject some malicious SQL.

When $pass is set to admin' OR 'a'='a, the meaning of the query changes: this is an injection. Here the attacker completely bypasses the password check because of the extra OR true at the end.
But this is not the only thing an attacker can do in this scenario: by using the UNION feature of SQL it is possible to extract anything from the database.

This time, instead of only fetching the username, the query will also return the password of the admin.
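As an added example (not the page's own PHP code), here is the same admin login written in Python with sqlite3 against a constructed in-memory table: the vulnerable string-built query next to a parameterized version that treats the admin' OR 'a'='a payload above as a plain password value.

```python
import sqlite3


def make_db():
    # Constructed in-memory table standing in for the page's admin account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return db


def login_vulnerable(db, pass_):
    # Same mistake as on the page: the user-supplied value is spliced into the
    # SQL text, so a quote inside it ends the string literal and the rest is
    # parsed as SQL. With pass_ = "admin' OR 'a'='a" the WHERE clause becomes
    #   username='admin' AND password='admin' OR 'a'='a'
    # which is always true, so the password check is bypassed.
    sql = ("SELECT username FROM users WHERE username='admin' "
           "AND password='" + pass_ + "'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, pass_):
    # Hardened form: a parameterized query. The SQL text is fixed and the value
    # is passed separately, so the driver never interprets it as SQL; the
    # payload is compared literally against the stored password and fails.
    sql = "SELECT username FROM users WHERE username='admin' AND password=?"
    row = db.execute(sql, (pass_,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR 'a'='a"
    print("vulnerable, real password :", login_vulnerable(db, "s3cret"))
    print("vulnerable, payload       :", login_vulnerable(db, payload))
    print("parameterized, payload    :", login_safe(db, payload))
```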

Trainings

Now that you know the basics of SQL injection, you can test your skills on our official challenges: