From charlesreid1

Revision as of 21:33, 14 March 2022 by Unknown user (talk) (→‎Examining Databases)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Main article: SQL Injection

This page contains notes on how to use Burp Suite to perform SQL injection attacks.

Basics

Hidden Data Attacks

Hidden data attacks come from examining parameters passed as part of a request, and fiddling with the parameters to reveal hidden data

UNION Attacks

Main article: SQL Injection/UNION Attack

Examining Databases

Main article: SQL Injection/UNION Attack

Resources

Links

Port Swigger Burp Suite training material:

What is SQL injection? https://portswigger.net/web-security/sql-injection
SQL injection union attacks: https://portswigger.net/web-security/sql-injection/union-attacks
Examining the database: https://portswigger.net/web-security/sql-injection/examining-the-database
Blind SQL injection: https://portswigger.net/web-security/sql-injection/blind
Cheat sheet: https://portswigger.net/web-security/sql-injection/cheat-sheet

Retrieved from "https://charlesreid1.com/w/index.php?title=Burpsuite/SQL_Injection&oldid=29332"