What is SQLi (SQL injection)? It is a vulnerability in applications that build SQL queries from user input, which lets an attacker send queries to the database that were not intended during normal use.

How do you find SQLi? Some simple checks are:
- Use a single quote (') where input is expected and look for errors and odd behavior in the output.
- Use boolean conditions such as 1=1 or 1=2 and compare the responses.
- Use payloads that trigger a delay in the SQL query and look for a difference in response time.
- "--" is a comment indicator in SQL. Everything after it is treated as a comment, so the rest of the original query is removed.
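The checks above are also the indicators a defender can look for in web server logs. The following is an added example, not part of the original notes: it scans a few constructed access-log lines (the IPs, timestamps and paths are made up) for the probes listed above, URL-decoding the query string first so that `'+OR+1=1--` is seen as `' OR 1=1--`, and flags a 5xx response following a quote as the classic error-based tell. The indicator regexes are my own and are deliberately simple.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Indicators drawn from the checks in the notes: a stray quote, a boolean
# tautology/contradiction, a comment sequence, and a time-delay function call.
INDICATORS = [
    ("quote", re.compile(r"'")),
    ("boolean", re.compile(r"\b(?:or|and)\s+\d+\s*=\s*\d+", re.I)),
    ("comment", re.compile(r"--|/\*|#")),
    ("delay", re.compile(r"\b(?:sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay", re.I)),
]

# Constructed sample access-log lines (not real traffic), common log format.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /products?category=Gifts HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /products?category=Gifts' HTTP/1.1" 500 120
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /products?category=Gifts'+OR+1=1-- HTTP/1.1" 200 4096
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /search?q=O%27Reilly HTTP/1.1" 200 300
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decoded_params(path):
    """Return the URL-decoded query string of a request path ('' if none)."""
    return unquote_plus(urlsplit(path).query)


def scan_line(line):
    """Return (ip, status, [indicator names]) for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    query = decoded_params(m.group("path"))
    hits = [name for name, rx in INDICATORS if rx.search(query)]
    return m.group("ip"), int(m.group("status")), hits


def scan_log(text):
    """Keep only lines with at least one indicator; mark those that produced a server error."""
    findings = []
    for line in text.splitlines():
        parsed = scan_line(line)
        if parsed and parsed[2]:
            ip, status, hits = parsed
            findings.append({"ip": ip, "status": status, "hits": hits, "error": status >= 500})
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f)
```

Note the last sample line: a legitimate search for "O'Reilly" trips the quote indicator alone with a 200 response. A single quote by itself is noisy, so an alert should require either a server error after the quote or several indicators on one request, as the third line shows.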

It can look something like this:

https://insecure-website.com/products?category=Gifts'+OR+1=1--

Common injection points:
- In UPDATE statements, in the updated values or within the WHERE clause
- In INSERT statements, in the inserted values
- In SELECT statements, in the table or column names
- In SELECT statements, in the ORDER BY clause

WARNING! Injecting OR 1=1 into a query that reaches an UPDATE or DELETE statement can result in data loss.

Subverting application logic

SELECT * FROM users WHERE username = 'wiener' AND password = 'bluecheese'

to

SELECT * FROM users WHERE username = 'administrator'--' AND password = ''

-- This bypasses the need to provide the administrator's credentials

Retrieving data from other database tables.

SELECT name, description FROM products WHERE category = 'Gifts'

' UNION SELECT username, password FROM users--

This causes the application to return the usernames and passwords found in the users table.
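To see both the logic bypass and the UNION retrieval side by side with the fix, here is an added example that is not part of the original notes. It builds a constructed in-memory SQLite database with `users` and `products` tables (the rows are made up), runs the exact payloads from the notes against a query built by string concatenation, and then against the same query using parameter placeholders. The concatenated version reproduces the behaviour described above; the parameterized version treats the payload as plain data and returns nothing.

```python
import sqlite3


def make_db():
    """Constructed sample schema standing in for the notes' users and products tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('administrator', 's3cret'), ('wiener', 'bluecheese');
        CREATE TABLE products (name TEXT, description TEXT, category TEXT);
        INSERT INTO products VALUES ('Mug', 'A gift mug', 'Gifts'), ('Pen', 'Office pen', 'Office');
    """)
    return db


def login_vulnerable(db, username, password):
    # Vulnerable: user input is concatenated straight into the SQL text, so a quote
    # and a comment marker in the username can cut the password check off the query.
    sql = f"SELECT username FROM users WHERE username = '{username}' AND password = '{password}'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(db, username, password):
    # Hardened: placeholders keep the input as data; the query structure cannot change.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def products_vulnerable(db, category):
    # Vulnerable: the category value can close the string and append a UNION or OR clause.
    sql = f"SELECT name, description FROM products WHERE category = '{category}'"
    return db.execute(sql).fetchall()


def products_safe(db, category):
    # Hardened: the whole payload is matched literally as a category name.
    sql = "SELECT name, description FROM products WHERE category = ?"
    return db.execute(sql, (category,)).fetchall()


def demo():
    """Run the payloads from the notes against both versions and collect the results."""
    db = make_db()
    bypass = "administrator'--"
    union = "' UNION SELECT username, password FROM users--"
    tautology = "Gifts' OR 1=1--"
    return {
        "vuln_login": login_vulnerable(db, bypass, ""),
        "safe_login": login_safe(db, bypass, ""),
        "vuln_union": sorted(products_vulnerable(db, union)),
        "safe_union": products_safe(db, union),
        "vuln_or": sorted(products_vulnerable(db, tautology)),
        "safe_or": products_safe(db, tautology),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The UNION payload works here because it returns the same number of columns (two) as the original SELECT, which is why the notes pair `username, password` with `name, description`; the fix is the same in every case, which is to never build the query string from the input.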

Impact
- Passwords can be leaked or circumvented
- Risk to customers and reputation
- Credit card details exposed
- Personal user information exposed


[[References]]
https://portswigger.net/web-security/sql-injection (PortSwigger SQL injection labs)