How to Learn SQL Injection

in infosec •  7 years ago 

I remember when I was new to the internet and programming, I often found myself reading about SQL injection. I always felt like this was something I wanted to learn, but I never knew where to start with reading about this topic.
My interest in SQL injection came from reading about people using sql injection in illegal hacking, like as mentioned in these writeups:
https://yoirtuts.com/index.php?title=Finfischer_Hack
https://yoirtuts.com/index.php?title=Hacking_TEAM_Hack

Please be aware I would encourage you to hack your own stuff or to hack in CTF competitions instead of doing something that is not legal. Hacking random vulnerable crappy PHP/MYSQL websites on the internet takes little to no skill. Like they say in this song:


the same goes for a real hacker:"But real gangsta-ass niggas don't flex nuts
Cause real gangsta-ass niggas know they got em"

Here is a great list of CTF writeups if you are interested:

https://github.com/ctfs/write-ups-2017

See the following blogpost on the topic:

http://www.infosectoughguy.com/2017/06/how-to-learn-sql-injection.html

Also here is an excellent youtube playlist on the topic. For me it helped to make notes with pen and paper while watching these videos. Each video is very rich in information:

Part 1
Part 2
Part 3
Part 4
Part 5
The list goes on. Just continue with part 6 and so forth. The author also created a github repo
that contains some of the examples:

https://github.com/Audi-1/sqli-labs

Please comment if you have any questions.
PS: Don't learn to hack, hack to learn!

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!