From charlesreid1

Revision as of 18:59, 9 March 2022 by Unknown user (talk)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Main article: SQL Injection

This page contains notes on how to use Burp Suite to perform SQL injection attacks.

Basics

Hidden Data Attacks

Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data

UNION Attacks

Examining Databases

Resources

Links

Port Swigger Burp Suite training material:

What is SQL injection? https://portswigger.net/web-security/sql-injection
SQL injection union attacks: https://portswigger.net/web-security/sql-injection/union-attacks
Examining the database: https://portswigger.net/web-security/sql-injection/examining-the-database
Blind SQL injection: https://portswigger.net/web-security/sql-injection/blind
Cheat sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet

Retrieved from "https://charlesreid1.com/w/index.php?title=Burpsuite/SQL_Injection&oldid=29241"