What is sql injection?

A SQL injection is an attack in which the attacker sends a specially crafted SQL query (statement), to a database server and modifies the database as desired. An SQL injection occurs when user input is improperly sanitized before being used in an SQL query.

The vulnerability can be exploited by providing input via the user interface, or through hidden fields; however, if user input is used for parameters such as a name or an id, those parameters should be validated as well to make sure that no invalid input is used.

SQL Injection: How does it work?

In a vulnerable server, a parameter that is supplied by the user can be modified by the attacker in order to run arbitrary SQL code or commands on the back-end database. There are multiple ways of performing this kind of attack.

What’s in this course

In this course you will learn how to do SQL injection using a real world example. It’s a course for beginners who never did SQL injection before. After completing this course you will be able to detect if a website is vulnerable to SQL injection, be able to get data from the web apps database and compromise a database.