Estimated reading time: 1.5 minutes
Hello everyone,Most people think that they know SQL injection. Some people may think that SQL injection is limiting in how it passes the login form. But, SQL injection covers a large area of research.First, let's take a look it what SQL injection is.Well, SQL injection is a way or technique that can fool the server. All we need to know is how the server side programming is communicating with the server.Once we find this information, we know it is between 40-50%. When we open any website it works in this way.
- client->DNS->Server-> then server response goes straight to the client.
- responce: server->client.
Then, after that, our communication starts in a new way.
- client->server (DNS not required because we already have the IP)
Next, if the website has a database, we will want to log in. Then our communication will work in this way.
Next, we need to realize the server that we are sending the information to so that it passes it to the correct server. Then the server will provide us the response.As in a query ‘or 1=1’, there are many techniques to realize that we are passing the true information.Now, some of you may say, "I want to learn SQL Injection
, but I'm not able to find quality practice projects." My recommendation is download the bricks project (http://sechow.com/bricks/download.html
Be careful when using the servers. Choose the correct one - I suggest uwamp. It provides an auto configuration with uwamp. If you want to use the xammp or wamp then we have to configure the username and password of that project.http://www.uwamp.com/en/?page=download
.I hope this information will help to make you an expert.Thank you and best regards.