Forum Thread: SQL Injection...

Hi, as we know, SQL injection is a very powerful way of leaking databases and hacking websites. So I want to know how I can master SQL injection. Where should I start?

12 Responses

You can start practicing with a simple vulnerable web application such as Damn Vulnerable Web Application. It will give you the basics of SQL Injection. Then you can use automated tools (sqlmap) to perform this type of attack, but you have to understand the basics before going in depth. There are tutorials here on NullByte about SQL Injection.

Stop using sqlmap and learn the MySQL language because it's the most popular.

Are you sure about what you're talking about? sqlmap automates attacks against MySQL servers (among others).

By using sqlmap you won't master SQLi,
so that's why I suggest learning a DB language like MySQL.

MySQL is not a language but rather a database management system that runs SQL. Nearly every database management system runs SQL. Learning SQL will help to master SQLi.

What are you talking about... Go do your homework before saying sentences like that: Yes, SQL is a language.

As the SQL acronym pronounces, it is a language. It offers looping, logic directives, variables, and so on. Now, it's not a language in the same sense as, say, Java or C++: SQL is considered a fourth-generation language (4GL), whereas Java and C++ are third-generation languages (3GLs).

Maybe you should do your homework and read more carefully before bad-mouthing someone. I said that "MySQL is not a language". SQL is the language that nearly every DBMS uses.

I'm happy you can read Wikipedia, though.

Would you like to retract your post, Se7en?

Freedom of choice.
They can use what they want.

Another tip is to WATCH Sqlmap throw payloads at vulnerable sites, AFTER learning SQL. You need to set a higher verbosity level though.

That was a huge jump for me, some of the payloads I never even knew existed lol.

You should start with setting up an environment: a simple MySQL server. Then practice SQL queries and database management. After that, install DVWA or another really vulnerable app and start learning SQLi step by step, from 1 or 1' to some blind SQL master tricks. Have fun!

Thanks. But I think I want to do it manually, not with any automated tool, because only if I do it manually can I (can we) learn something...

Of course, I have stated that you need to understand the basics before going in depth. The basics include learning SQL.
