---
# System prepended metadata

title: SQLI
tags: [sqlInjection, web]

---

# SQLI

###### tags: `sqlInjection` `web`

https://www.youtube.com/watch?v=1nJgupaUPEQ&list=PLuyTk2_mYISLaZC4fVqDuW_hOk0dd5rlf



## Learning Target 

- what is the SQL injection 

- How do we exploit it 
- How do we prevent it 



# What is the SQL injection 

Vulnerability the consist of an attacker interfering with the sql query that an application make to database 



## Impact of SQLI attacks

![](https://i.imgur.com/ETFCKVl.png)



# OverView 


## In-band (classic)
![](https://i.imgur.com/mmC4ou6.png)

---

![](https://i.imgur.com/lZBbyAu.png)


---

### Types
![](https://i.imgur.com/e9tZJy2.png)


## Inference (blind)

![](https://i.imgur.com/wZESvzD.png)

---

### Types
![](https://i.imgur.com/9ztYiDc.png)

![](https://i.imgur.com/WkrNzdK.png)

And then we could use python script to confirm the hash.



pseudocode (it haven't implemented yet )
```

declare charater []

declare ConfirmedHash []

def getServerResponse()
    return value


def try another charater()
    loop for charater 
    return next caharter 

while 1

    if (getServerResponse not True)

        try another charater()
        
    else 
        confirmedHash.push(currentCharactor)
        
```


## Out-of-Band 

![](https://i.imgur.com/gFal8wK.png)


![](https://i.imgur.com/b38QbhM.png)


# How do we find it 

## black box 



## white box 







## Reference 

Out of band
https://infosecwriteups.com/out-of-band-oob-sql-injection-87b7c666548b



![Uploading file..._srf7lx9rc]()