SQLMap: The Basics
Premium roomLearn about SQL injection and exploit this vulnerability through the SQLMap tool.
easy
45 min
56,425
To access material, start machines and answer questions login.
injection is a prevalent vulnerability and has long been a hot topic in cyber security. To understand this vulnerability, we must first learn what a database is and how websites interact with a database.
A database is a collection of data that can be stored, modified, and retrieved. It stores data from several applications in a structured format, making storage, modification, and retrieval easy and efficient. You interact with several websites daily. The website contains some of the web pages where user input is required. For instance, a website with a login page asks you to enter your credentials, and once you enter them, it checks if the credentials are correct and logs you in if they are. As many users log in to that website, how does that website record all these users’ data and verify it during the authentication process? This is all done with the help of a database. These websites have databases that store the user and other information and retrieve it when needed. So when you enter your credentials to a website’s login page, the website interacts with its database to check if these credentials are correct. Similarly, if you have an input field to search for something, for instance, an input field of a bookshop website allows you to search for the available books for sale. When you search for any book, the website will interact with the database to fetch the record of that book and display it on the website.
Now, we know that the website asks the database to retrieve, store, or modify any data. So, how does this interaction take place? The databases are managed by Database Management Systems (DBMS), such as MySQL, PostgreSQL, SQLite, or Microsoft Server. These systems understand the Structured Query Language (). So, any application or website uses queries when interacting with the database.
This room will teach you the basics of injection and how to use an automated tool to carry out injection. It will also dive practically into the topic through a hands-on challenge.
Learning Objectives
- injection vulnerability
- Hunting injection through the tool
Room Prerequisites
While having a solid Fundamentals knowledge is helpful, it is not required to complete this room.
Which language builds the interaction between a website and its database?
Ready to learn Cyber Security?
The SQLMap: The Basics room is only available for premium users. Signup now to access more than 500 free rooms and learn cyber security through a fun, interactive learning environment.
Already have an account? Log in