Recomendation about SQLi learning material

Hi everyone! :wave:

What happens

Along of my process solving CTF and VBD challenges I’ve noted that When I face challenges relationship with SQLi or those in which I must find and exploit that kind of vulnerability. I’m having some problems to solve them and It’s clear that I have to work so hard in this subject if I want to solve challenges with higher difficult level.

What do you understand or find about that problem

I think that nowadays there are several methodologies to do a SQLi attack and until this moment I’ve explored and studied only some of them.

You make any workaround? What did you do?

Clearly I’ve been searching information relationship with this subject in internet. However until this moment I feel that although I’ve strengthened my knowledge in this topic. It’s clear that I have a large number of techniques to learn in this area.

Evidences

It can see below some of the consulted bibliography

https://apps.nsa.gov/iaarchive/customcf/openAttachment.cfm?FilePath=/iad/library/ia-guidance/tech-briefs/assets/public/upload/Defending-Against-the-Exploitation-of-SQL-Vulnerabilities-to-Compromise-a-Network.pdf&WpKes=aF6woL7fQp3dJiqDhxdx9mhJPgU7XP9hunzkqT

I need help with

I’d like that some of you who know and have find out a large number of techniques to carry out this kind of attack to advice or recommend me bibliographic specialized material or any kind of learning advanced material which could help me to improve my knowledge and skills to solve more difficult challenges and learn more about in this field.

Hey there

Actually, there’s plenty of resources out there that can be useful, there’s no particular roadmap to learn how to SQLi, it is up to you to decide which sources suit best for your learning, you can start by theoretical and examples lessons such as:

SQL Injection Tutorial: Learn with Example or
SQL Injection Lab - NotSoSecure
SQL Injection

And slowly migrate to more challenging labs to test what you’ve learned:

https://zixem.altervista.org/SQLi/
https://hack.me/t/SQLi

This is only one route you can take, if you’re already familiar with the theory you can start by the challenges.

Remember that SQLi is only one vulnerability, so if you’re planning to learn to hack it is wise to learn other common vulnerabilities and misconfiguration. Hope it helps

Hi @hermit-purple
I really thank your help :ok_hand::+1:.
Having checked the first links, I’ve found clear explanations about SQLi which mix with some practical and simple exercises have allowed me to understand in a better way the SQLi working. Now I plan to work more with the labs links to apply that knowledge and assess my learning. On the other hand I totally agree with you since it’s necessary to know a large number to vulnerabilities to hack a real system so I’m going to keep studying and researching about them.

1 Like