Crypto 1: SQL Injection

by Renuka Bhusari

Sql injection is a web vulnerability in which an attacker can inject special characters into an sql query and take control of the query. This allows them to potentially leak, delete, or compromise data. Ever seen a site asking you to not use —? That’s because of sql injection!

This cyber academy we will be learning about this attack and performing it in increasingly stricter filters and protections!

Slides

Challenges

The following challenges in increasing difficulty are deployed to platform.acmcyber.com to practice the concepts covered in the slides.

• Challenge 1 - web/flag-store
• Challenge 2 - web/flag-store2
• Challenge 3 - web/flag-store3
• Challenge 4 - web/flag-store4
• Challenge 5 - web/flag-store5
• Challenge 6 - web/la-housing-portal

Resources

The following resources are great tools for sql challenges:

• db-fiddle: An sql playground for testing sql queries with many databases.
• payloadsallthethings: A list of common payloads.