SQL Injection

In the Lecture Materials we have looked at SQL Injection.

Here we will dig deeper and try to find more information.

Getting Started: The Web Trainer

For the next set of tasks I have set up a Docker container that has examples. You can find the docker compose file

Web Trainer

Instructions for the Trainer

  1. Make sure you have docker installed
  2. Install docker-compose

    $ sudo pip3 install docker-compose
    

  3. Download the docker compose file

  4. Run the compose file with

    $ sudo docker-compose up
    

  5. There will now be a website running on your machine at 172.18.0.1

Using WSL

If you are using WSL, the address will be the address of your WSL container. You can find this with ip addr.

Tasks:

Login Bypass

Stretch Goal

So we can log in as Admin. Can you think of a way we could manipulate the query to log in as someone else?

Database Enumeration

Done All That

Try SQL Injection in the DVWA

Done That Also

  • Ask me about more examples from a CTF I made.