Skip to main content

SQL Injection (SQLi) for Beginners: A Step-by-Step Guide to Your First Hack

 

What is SQL Injection (SQLi)?

SQL Injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data they are not normally able to retrieve.

How Does it Work? (The Logic)

Imagine a login form where you enter your username. The database query looks like this: SELECT * FROM users WHERE username = 'YOUR_NAME' AND password = 'YOUR_PASSWORD'

If the website is vulnerable, an attacker can enter ' OR 1=1 -- in the username field. The query becomes: SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '...'

Since 1=1 is always true, the database grants access without a valid password!

Types of SQL Injection

  1. In-band SQLi (Classic): The attacker uses the same communication channel to launch the attack and gather results.

    • Error-based: Forcing the database to produce an error message.

    • Union-based: Using the UNION SQL operator to combine results.

  2. Inferential SQLi (Blind): The attacker sends data to the server and observes the response (True/False or Time Delay).

  3. Out-of-band SQLi: The attacker gets data through a different channel (like DNS or HTTP requests).

Hands-on Lab: Solving Your First PortSwigger SQLi Lab

To master SQLi, I recommend starting with PortSwigger’s SQL injection vulnerability in WHERE clause allowing retrieval of hidden data lab.

Step-by-Step Solution:

  1. Access the Lab: Open the lab and go to a product category (e.g., 'Gifts').

  2. Intercept the Request: Use Burp Suite to intercept the request or just look at the URL: https://your-lab-id.web-security-academy.net/filter?category=Gifts

  3. Test for Vulnerability: Add a single quote ' after the category name. If the page shows an error or changes, it might be vulnerable.

  4. Exploit: Change the URL to: .../filter?category=Gifts' OR 1=1 --

  5. Result: You will see all items from all categories, including hidden ones!

How to Prevent SQL Injection?

If you are a developer, here is how you can stop these attacks:

  • Use Prepared Statements (with Parameterized Queries): This is the most effective defense.

  • Input Validation: Never trust user input.

  • Principle of Least Privilege: Ensure the database user has limited permissions.

Conclusion

SQL Injection is a fundamental skill for every Penetration Tester. Mastering this will help you understand how databases interact with web applications.

Final Note

Always practice XSS only in authorized environments such as security labs and training platforms.

Comments

Popular posts from this blog

File Inclusion Vulnerabilities: Understanding LFI and RFI for Beginners (2026 Guide)

Introduction In this part of the cybersecurity series, we will explore a critical web vulnerability known as File Inclusion . File Inclusion occurs when a web application allows users to control which files are loaded or executed on the server without proper validation. This vulnerability can lead to sensitive data exposure or even full server compromise. What is File Inclusion? File Inclusion is a vulnerability where an application includes files based on user input without proper validation or restrictions. There are two main types of File Inclusion vulnerabilities: Local File Inclusion (LFI) Remote File Inclusion (RFI) 1. Local File Inclusion (LFI) LFI allows an attacker to access and sometimes execute files that are stored on the local server. How LFI Works Consider a website that loads pages using a parameter: https://example.com/view.php?page=contact.php If the application is vulnerable, an attacker can manipulate the parameter: https://example.com/view.php?page=../../../../etc/p...

Ethical Hacking & Penetration Testing Roadmap (2026)

A Complete Beginner-to-Professional Guide Why Learn Ethical Hacking? In today’s digital environment, organizations constantly face cyber threats. Ethical hackers play a key role in identifying vulnerabilities before attackers can exploit them. This field offers: High demand career opportunities Continuous learning Multiple income streams (job, bug bounty, freelancing) Quick Overview of the Roadmap This roadmap is divided into 7 practical stages: Fundamentals Web Security Hands-on Practice Tools Mastery Real-World Testing Reporting Skills Specialization Stage 1: Fundamentals (Build Your Base) Before touching any hacking tools, you must understand the basics. Networking IP Addressing TCP/UDP DNS & HTTP/HTTPS Operating Systems Linux (essential) Windows basics Programming Python (automation) JavaScript (web understanding) Stage 2: Web Security (Core Skills) Focus on the most common vulnerabilities: SQL Injection Cross-Site Scripting (XSS) Broken Access Control (IDOR) File Inclusion SSR...

WHOIS Lookup (2026): Uncovering Domain Ownership & Server Details

  Welcome to another segment of our Information Gathering series! In our previous post, we explored WhatWeb to identify a website's internal technology stack. However, to understand who is behind a website, when it was registered, or which company manages its infrastructure, we need a technique called WHOIS Lookup . WHOIS is a fundamental footprinting method used by penetration testers to gather domain-level intelligence. What is WHOIS? WHOIS (pronounced as the phrase "who is") is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name or an IP address block. Essentially, it acts as a public directory providing details about domain ownership, registration dates, expiry dates, and authoritative name servers. Why is it Important for Ethical Hackers? For a security researcher, a WHOIS lookup is vital for several reasons: Ownership Identity: Identifies the person or organization ...