SQL Injection
This room teaches SQL injection from the ground up. You'll learn what databases and SQL are, then move through four practical levels: in-band UNION injection to dump tables, authentication bypass with OR 1=1, boolean-based blind injection to extract data character by character, and time-based blind injection using SLEEP(). The deployed machine has a multi-level web app where each level teaches a different SQLi technique. You'll enumerate databases, tables, columns, and extract credentials to progress through all four levels.
Skills You Will Learn
Prerequisites
- thm-walkinganapplication
- thm-contentdiscovery
- web-basics
- http-requests
Walkthrough Phases
- SQL & Database Fundamentals: understand databases, SQL syntax, and how SQL injection works
- Level 1: In-Band UNION SQLi: use UNION injection to enumerate the database and extract credentials
- Level 2: Authentication Bypass: bypass a login form using SQL injection
- Level 3: Boolean-Based Blind SQLi: extract database contents character by character using true/false responses
- Level 4: Time-Based Blind SQLi: extract data using time delays when there's no visible true/false response
- Out-of-Band SQLi & Remediation: understand OOB exfiltration and how to prevent SQL injection