SQL injection overview

What is it?

SQL injection is where an attacker is able to manipulate database queries made by an application.

A simple example

  • A vulnerable web application has the endpoint /search?product={productName}

  • When a request is made, the application uses SQL to search for the product SELECT * FROM products WHERE name=$productName

  • If an attacker inserts a payload into {productName} such as anything' UNION SELECT password FROM users WHERE username = 'admin that modifies the query, sensitive data could be leaked.

  • The vulnerable application sends this query to the database and the database returns the admin's password.

It's important to note that a payload or attack may change depending on the application, the query, and the database. SQL injection can often lead to:

  • Sensitive data exposure

  • Data manipulation

  • Remote code execution

  • Denial of service

Other learning resources:


Have a good writeup & want to share it here? Drop me a message on LinkedIn.



# Basic login bypass
' AND 1=1#
' UNION SELECT null,null FROM users-- -
# Blind
' AND SUBSTR((SELECT version()),1,1)='7'#
CAST((SELECT example_column FROM example_table) AS int)

Last updated