SQL injection tutorial for beginners on how to bypass basic login screen – SQL injection explained




This SQL injection tutorial for beginners is the 2nd tutorial of the Mastering SQL injection course at Duckademy. Start the course for free. Apart from this SQL injection tutorial the first…



34 responses to “SQL injection tutorial for beginners on how to bypass basic login screen – SQL injection explained”

  1. Great explanation and methodology for anyone needing to understand the input injection methods and why it works or doesn't in some aspects. A bonus was the added use of Burp Suite (and some steps on using that to automate the process).

    Well done – Keep the instructional videos coming 🙂

  2. Mr Duckademy, you forgot something: YOU ARE IN 2016, and 99% of websites that keep important details in a database are not using parameters like ID=1 anymore. This video is for servers from 2009-2010, which was 7 years ago. If you are a good tester, explain how you will use SQL injection on a website without a PARAMETER (info.php?id= , item_id= , readnews.php?id= etc.), because I will remind you ….. it IS 2016 and all the people who create websites like to use WORDPRESS

  3. Thank you for the awesome tutorial, but can you help me?
    I got this error message: "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1", but it's not on a login page. How can I use it??

  4. I'm trying to sell my security software to companies but I must first prove to them that their websites can be attacked relatively easily. They are using WordPress websites. I am going to present my product to them, while presenting I want to show them that I have hacked their website. Will this work with WordPress websites?

  5. Awesome .. very useful…
    I have scanned a website with Acunetix on Windows and Nikto on Parrot… I found a lot of vulnerabilities
    next step is how to hack..
    vul 1 blind sql Scripting (Blind_Sql_Injection
    This vulnerability affects localhost.com:80/sd/are/ad-tential/us-emd.
    URL encoded POST input ctl12_TSSM was set to if(now()=sysdate(),sleep(0),0)/'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"/

    Tests performed:
    if(now()=sysdate(),sleep(4),0)/'XOR(if(now()=sysdate(),sleep(4),0))OR'"XOR(if(now()=sysdate(),sleep(4),0))OR"/ => 20.016 s
