0Sec
0Sec
0Sec
  • Spider Security
  • offensive security
    • OSCP
      • WriteUps
        • PortSwigger
          • SQL injection labs
          • Exploiting XXE to retrieve data by repurposing a local DTD
        • PentesterLabs
          • Recon
        • HTB
          • BoardLight
          • Lame
        • THM
          • Walkthroughs
            • Attacktive Directory
            • LineKernel
            • Day 1 — Linux PrivEsc
          • CTF
            • Page
            • BLUE
            • mKingdom
            • RazorBlack
      • Module 1 (General Info)
      • Module 2 (Getting Kali)
        • Leason 1 - Booting Up Kali Linux
        • Leason 2 - The Kali Menu
        • Leason 4 - Finding Your Way Around Kali
        • Leason 5 - Managing Kali Linux Services
      • Module 3 (CLI)
        • The Bash Environment
        • Piping and Redirection
        • Text Searching and Manipulation
          • Regular
        • Managing Processes
        • File and Command Monitoring
      • Module 4 (Practical Tools)
        • Netcat
        • Socat
        • PowerShell & Powercat
        • Wireshark
        • Tcpdump
      • Module 5 (Bash Script)
      • Module 6 (Passive Info Gathering)
      • Module 7 ( Active Info Gathering)
      • Module 8 (Vulnerability Scanning)
      • Module 9 (Web Application Attacks)
        • Cross Site Scripting (XSS)
        • local file inclusion & remote file inclusion
          • Exploit LFI
        • SQL injection
          • Blind Boolean based SQL & Evasion Techniques
          • SQL
          • Login bypass List
        • File upload
        • Remote code execution
      • Module 10 ( Intro Buffer OverFlow)
      • Module 11 (Widows Buffer OverFlow)
        • Buffer OverFlow Challange
      • Module 12 (Linux Buffer OverFlows)
      • Module 13 (Clint Side Attacks)
      • Module 14 (Locating Public Exploits)
      • Module 15 (FIxing Exploits)
      • Module 16 (File Transfers)
      • Module 17 (Antivirus Evasion)
        • Windows
      • Module 18 (Privllege Escalation)
        • Windows
          • Checklist
          • THM - Windows PrivEsc Arena
        • Linux
          • Checklist
          • Linux PrivEsc Arena
      • Module 19 (Password Attacks)
      • Module 20 (Port Redirection and Tunneling)
      • Module 21 (Active Directory Attacks)
        • adbasics_v1.2
      • Module 22 (Metasploit Framwork)
      • Module 23 (Powershell Empire)
      • Course Materials
  • SANS
  • AppSec
    • EWAPTX
      • PHP Type Juggling
      • CSP
      • SqlI
        • Information_schema
        • WriteUps
      • SSTI & CSTI
      • XSS_HTML Injection
      • CORS Attack
      • Clickjacking
      • Open redirect
      • JSONP
      • LFI && LFD && RFI
      • HTTP Host header attacks
      • CSRF
      • XML injection
      • XML external entity (XXE) injection
      • APIs & JWT attacks
      • Insecure Deserialization
      • OAUTH 2.0 authentication vulnerabilities
      • Host Header Injection
      • Insecure Direct Object References (IDOR)
  • Reverse Eng & Malware dev
    • Internals
      • Windows internals
        • Topics in GitHub
        • Chapter 1 Concepts and tools
        • Chapter 2. System architecture
        • Chapter 3. Processes and jobs
        • Chapter 4. Threads
        • Chapter 5. Memory management
        • Chapter 6. I/O system
        • Chapter 7. Security
      • Linux internals ⇒ Soon
      • MacOs X internals ⇒ Soon
  • cheat sheet
    • Pentest_Notes
    • Linux BOF & Wireless Attacks
    • WriteUps
Powered by GitBook
On this page
  1. offensive security
  2. OSCP
  3. Module 9 (Web Application Attacks)
  4. SQL injection

SQL

SQL, which stands for Structured Query Language, is a standardized programming language used for managing and manipulating relational databases. SQL is used to perform various operations on the data stored in databases, including querying, updating, inserting, and deleting data. Here are some key aspects of SQL:

Key Components and Concepts

  1. Database: A collection of organized data that SQL operates on.

  2. Table: A structured format to store data within a database, consisting of rows and columns.

  3. Column: A vertical entity in a table that contains all information associated with a specific field.

  4. Row: A horizontal entity in a table that represents a single record.

Common SQL Commands

  1. Data Querying (SELECT):

    SELECT column1, column2 FROM table_name WHERE condition;

    Example:

    SELECT name, age FROM employees WHERE department = 'Sales';

  2. Data Insertion (INSERT):

    INSERT INTO table_name (column1, column2) VALUES (value1, value2);

    Example:

     INSERT INTO employees (name, age, department) VALUES ('John Doe', 30, 'Marketing');

  3. Data Updating (UPDATE):

     update table_name SET column1 = value1, column2 = value2 WHERE condition;

    Example:

    UPDATE employees SET age = 31 WHERE name = 'John Doe';

  4. Data Deletion (DELETE):

    DELETE FROM table_name WHERE condition;

    Example:

    DELETE FROM employees WHERE name = 'John Doe';

  5. Data Definition (CREATE TABLE, ALTER TABLE, DROP TABLE):

    • Create a new table:

      CREATE TABLE table_name (
    column1 datatype,
    column2 datatype,
    ...
);

      Example:

      CREATE TABLE employees (
    id INT PRIMARY KEY,
    name VARCHAR(100),
    age INT,
    department VARCHAR(50)
);

    • Modify an existing table:

      ALTER TABLE table_name ADD column_name datatype;

      Example:

      ALTER TABLE employees ADD email VARCHAR(100);

    • Delete a table:

      DROP TABLE table_name;

      Example:

      DROP TABLE employees;

SQL Variants

SQL syntax can vary slightly between different database management systems (DBMS), such as MySQL, PostgreSQL, Microsoft SQL Server, Oracle Database, and SQLite. While the core functionality remains the same, each system might have specific extensions or differences in syntax.

Use Cases of SQL

  • Data Retrieval: Extracting specific data from large datasets.

  • Data Manipulation: Inserting, updating, and deleting data within tables.

  • Data Control: Managing access permissions and security.

  • Data Definition: Creating, modifying, and deleting database structures.

PreviousBlind Boolean based SQL & Evasion TechniquesNextLogin bypass List

Last updated 11 months ago