
SQL INJECTION (SQLi) - Basic

_Y000_
13 min read · Jan 12, 2021


What is an SQL injection?

SQL injection (SQLi) is a vulnerability that allows an attacker to send, or "inject", malicious SQL instructions.

Why does an SQL error occur?

An SQL error normally occurs because of poor filtering of the variables in a program that contains or builds SQL. It generally happens when a user is asked for input of any type, such as a name and password, and that input is not validated: instead of the expected information, the attacker sends an invasive SQL statement that will be executed against the database.
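An added example (not from the original article) of the cause described above: the same name-and-password check written with string concatenation and with a parameterized query, run against an in-memory SQLite database. The table, the account and the input values are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory database holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_concatenated(db, name, password):
    """Unvalidated input is pasted into the SQL text, so it can change the query."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None, sql
    except sqlite3.Error as exc:
        # A stray quote breaks the statement: this is the "SQL error" symptom.
        return False, f"SQL error: {exc}"

def login_parameterized(db, name, password):
    """Placeholders keep input as data; the statement's structure is fixed."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# Constructed inputs: a normal login, a wrong password, a lone quote,
# and a value that carries SQL syntax instead of a password.
CASES = [
    ("alice", "correct-horse"),
    ("alice", "wrong"),
    ("alice", "'"),
    ("alice", "' OR '1'='1"),
]

def run_cases():
    """Return (password, concatenated result, parameterized result, detail)."""
    db = make_db()
    results = []
    for name, password in CASES:
        weak, detail = login_concatenated(db, name, password)
        safe = login_parameterized(db, name, password)
        results.append((password, weak, safe, detail))
    return results

if __name__ == "__main__":
    for password, weak, safe, detail in run_cases():
        print(f"{password!r:16} concatenated={weak!s:5} parameterized={safe!s:5} {detail}")
```

The last two cases are the ones to watch: the lone quote produces a database error only in the concatenated version, and the input carrying SQL syntax is accepted by the concatenated version while the parameterized version rejects it as a wrong password.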

SQL injection types

An SQL injection can be exploited in 2 different ways. The first is manually: the attacker injects the script by hand in order to trigger the action within the database.

The second is automated injection with sqlmap. sqlmap is a tool designed specifically for this type of attack: it analyzes the page, determines whether it is vulnerable and attacks it. It is called automated because the tool does everything by itself; the user only needs to supply the options they want to use to make the scan more effective.

Manual SQL injection

Detect a vulnerable page

One of the main places to look when checking whether a page is vulnerable to SQL injection is its parameters. Let's imagine the following:
