[ Certified Ethical Hacker v10 ] :: [ Chapter 6 cont’d] :: SQL Injection

This entry is part 11 of 30 in the series [ Certified Ethical Hacker Training ]

SQL injection

Definition and Examples

Your basic task is to interrupt a SQL query and force it to run your own code. Usually you can do this by adding an invalid character, like a single quote. You can attack GET and POST submissions using options.

Definition, Risk Factors and Examples from https://owasp.org/www-community/attacks/SQL_Injection :


select id, firstname, lastname from authors

Input from a web form:

Firstname: evil'ex
Lastname: Newman

The query string becomes:

select id, firstname, lastname from authors where forename = 'evil'ex' and surname ='newman'
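The quote-breaking behaviour above, shown next to its fix, as an added example (not code from this post or from OWASP). It uses Python's sqlite3 with a constructed in-memory authors table; the column names firstname/lastname and the function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; column names firstname/lastname are an assumption.
    conn = sqlite3.connect(":memory:")
    conn.execute("create table authors "
                 "(id integer primary key, firstname text, lastname text)")
    conn.executemany("insert into authors (firstname, lastname) values (?, ?)",
                     [("evil'ex", "Newman"), ("alice", "Newman")])
    return conn

def lookup_concatenated(conn, firstname, lastname):
    """Vulnerable: form input becomes part of the SQL text itself."""
    sql = ("select id, firstname, lastname from authors where firstname = '"
           + firstname + "' and lastname ='" + lastname + "'")
    try:
        return sql, conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        # The stray quote ends the string literal early; the parser rejects the rest.
        return sql, None, str(exc)

def lookup_parameterized(conn, firstname, lastname):
    """Hardened: the SQL text is fixed; input is bound as data only."""
    sql = ("select id, firstname, lastname from authors "
           "where firstname = ? and lastname = ?")
    return conn.execute(sql, (firstname, lastname)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    sql, rows, err = lookup_concatenated(conn, "evil'ex", "Newman")
    print("concatenated:", sql)
    print("  rows:", rows, "| error:", err)
    print("parameterized rows:", lookup_parameterized(conn, "evil'ex", "Newman"))
```

A database error triggered by a single quote in form input is the sign that input reaches the SQL text; with bound parameters the same input is matched as an ordinary name.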

SQL Injection Examples

From https://portswigger.net/web-security/sql-injection :

There are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:

Examples for SQL Server, MySQL, PostgreSQL and Oracle

Our old friends at PenTestMonkey provide LOTS of examples for:

MS SQL Server: http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet

Oracle DB: http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet

MySQL (MariaDB): http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet

A cheat sheet and examples for MS SQL, MySQL, PostgreSQL and Oracle


Dumping a Complete Database


OWASP Web Security Testing Guide

This is a rocking complete methodology for web app testing. I’ll link to the SQL Injection section, but check out the many other areas this guide covers.


Website Hacking: Dumping Database Using SQL Injection [DVWA SQL]



1. Log in to your root-me.org account, click Challenges and click Web Server. This will get you here:

Start with “SQL Injection – Authentication”. Note all the other SQL Injection challenges. Can you beat them all?

2. In either Metasploitable2 or your own installation, go to DVWA, find Vulnerability – SQL Injection, and dump all user names. See this guide if you need help: