
TryHackMe: SQL Injection Vulnerability in Web Applications

Comprehensive guide to understanding and exploiting SQL injection vulnerabilities. Learn both the attacker and defender perspectives.

## What is SQL Injection?

SQL Injection (SQLi) is a code injection technique where malicious SQL code is inserted into input fields to manipulate database queries.

## Types of SQL Injection

### 1. In-band SQLi

- **Union-based**: Uses the UNION clause to combine results
- **Error-based**: Extracts information from error messages

### 2. Blind SQLi

- **Boolean-based**: Exploits boolean conditions
- **Time-based**: Uses time delays to infer information

### 3. Out-of-band SQLi

Retrieves data through external channels (DNS, HTTP).

## Practical Example

### Vulnerable Code

```php
// Vulnerable: user input is concatenated directly into the SQL string
$username = $_GET['username'];
$query = "SELECT * FROM users WHERE username = '$username'";
$result = mysqli_query($conn, $query);
```

### Exploitation

Input: `admin' OR '1'='1`

Resulting query:

```sql
SELECT * FROM users WHERE username = 'admin' OR '1'='1'
```

Because `'1'='1'` is always true, the `WHERE` clause matches every row in the table, not just the `admin` row.

## Prevention Techniques

- Use prepared statements
- Input validation and sanitization
- Principle of least privilege
- Web Application Firewall (WAF)
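The first two prevention techniques, shown against the input from the Exploitation section. This is an added example, not code from the original page: it uses Python with an in-memory SQLite database instead of the page's PHP/MySQL so it runs without a server, and the sample rows, function names and username allow-list are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample rows; the table and column follow the page's query.
SAMPLE_USERS = [
    ("admin", "admin@example.test"),
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
]
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")  # assumed allow-list policy


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_user_concatenated(conn, username):
    """Mirrors the page's vulnerable PHP: the input becomes part of the SQL text."""
    query = "SELECT * FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_prepared(conn, username):
    """The placeholder binds the input as data, so its quotes are never parsed as SQL."""
    return conn.execute(
        "SELECT * FROM users WHERE username = ?", (username,)
    ).fetchall()


def find_user_validated(conn, username):
    """Defence in depth: reject unexpected characters, then still bind the value."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return find_user_prepared(conn, username)


if __name__ == "__main__":
    db = make_db()
    payload = "admin' OR '1'='1"  # the input shown on the page
    print("concatenated:", find_user_concatenated(db, payload))
    print("prepared:    ", find_user_prepared(db, payload))
    print("legit lookup:", find_user_prepared(db, "alice"))
```

The concatenated lookup returns every row for that input, while the prepared lookup returns none because no user has that literal string as a username.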