SQL Injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server .
The impact SQL injection can have on a business is far reaching. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.
Most people think that they know SQL injection. Some people may think that SQL injection is limiting in how it passes the login form. But, SQL injection covers a large area of research.
First, let’s take a look it what SQL injection is.
Well, SQL injection is a way or technique that can fool the server. All we need to know is how the server side programming is communicating with the server.
Once we find this information, we know it is between 40-50%. When we open any website it works in this way.
client->DNS->Server-> then server response goes straight to the client.
Then, after that, our communication starts in a new way.
client->server (DNS not required because we already have the IP)
Next, if the website has a database, we will want to log in. Then our communication will work in this way.
Next, we need to realize the server that we are sending the information to so that it passes it to the correct server. Then the server will provide us the response.
As in a query ‘or 1=1’, there are many techniques to realize that we are passing the true information.
Now, some of you may say, “I want to learn SQL Injection, but I’m not able to find quality practice projects.” My recommendation is download the bricks project https://sechow.com/bricks/download.html and start practicing it.