SQL Injection is one of the best-known vulnerabilities in web applications. The technique injects malicious SQL code into an application to manipulate its databases. Identifying this vulnerability is crucial to protecting your applications.
Identify the vulnerability: a single quote (') in text fields can reveal syntax errors, indicating a possible vulnerability.
Analyze the source code: parameters such as User ID can be manipulated to include malicious code.
Once the vulnerability is confirmed, you can proceed to execute SQL injections to extract information, all for educational and controlled testing purposes.
The following input manipulates queries so that they respond with more data than intended:
' OR 1=1 --
Query available columns: use ORDER BY to determine how many columns can be selected in the query.
Execute Union Select queries:
' UNION SELECT database(), @@version --
Once you have identified the vulnerabilities and manipulated the queries, you can explore what tables and columns exist in the database.
Tables and columns are listed through information_schema:
' UNION SELECT table_name, column_name FROM information_schema.columns WHERE table_schema = DATABASE() --
Union Select is then used to access specific tables such as users and the fields that store users and passwords:
' UNION SELECT user, password FROM users --
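The inputs from the steps above, run against a string-concatenated query and a parameterized one, as an added example that is not part of the original lesson. The SQLite in-memory table, its sample rows and the function names are constructed for illustration; the lesson's database() and @@version payload is MySQL-specific and is left out.

```python
import sqlite3

# Constructed sample data: an in-memory table shaped like the lesson's "users" table.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id TEXT, first_name TEXT, user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        ("1", "Ada", "admin", "hash-a"),
        ("2", "Bob", "bob", "hash-b"),
        ("3", "Eve", "eve", "hash-c"),
    ])
    return db

def lookup_vulnerable(db, user_id):
    # Input is pasted into the SQL text, so a quote in it changes the statement.
    sql = "SELECT user_id, first_name FROM users WHERE user_id = '" + user_id + "'"
    return db.execute(sql).fetchall()

def lookup_safe(db, user_id):
    # Input is bound as a value; the statement text never changes.
    sql = "SELECT user_id, first_name FROM users WHERE user_id = ?"
    return db.execute(sql, (user_id,)).fetchall()

def run(lookup, db, user_id):
    # Return the rows, or the database error that a stray quote provokes.
    try:
        return lookup(db, user_id)
    except sqlite3.Error as exc:
        return "error: " + str(exc)

# Inputs taken from the text above.
PAGE_INPUTS = ["1", "'", "' OR 1=1 --", "' UNION SELECT user, password FROM users --"]

def compare():
    # Map each input to (result with concatenation, result with binding).
    db = make_db()
    return {i: (run(lookup_vulnerable, db, i), run(lookup_safe, db, i)) for i in PAGE_INPUTS}

if __name__ == "__main__":
    for value, (vuln, safe) in compare().items():
        print(repr(value), "| concatenated:", vuln, "| bound:", safe)
```

With bound parameters every injected input is compared as a literal user_id, so it matches no row and raises no syntax error.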
Basic SQL Injection techniques can become a tedious process. SQLMap is a tool that automates the injection process, handling different levels of complexity and providing faster and more secure access to the desired information.
These techniques should be practiced and applied for educational purposes and to improve the security of your own applications, never for malicious activities. The next step in this web security exploration will introduce you to SQLMap and its advantages.