SQL Injection Lab Tryhackme Writeup
Room link: https://tryhackme.com/room/sqlilab
Note: This room is Free
Before you go through this writeup, first complete the room yourself.
Task 2: Introduction to SQL Injection: Part 1
SQL injection is a technique through which attackers can execute their own malicious SQL statements generally referred to as a malicious payload. Through the malicious SQL statements, attackers can steal information from the victim’s database; even worse, they may be able to make changes to the database. Our employee management web application has SQL injection vulnerabilities, which mimic the mistakes frequently made by developers.
Applications will often need dynamic SQL queries to be able to display content based on different conditions set by the user. To allow for dynamic SQL queries, developers often concatenate user input directly into the SQL statement. Without checks on the received input, string concatenation becomes the most common mistake that leads to a SQL injection vulnerability. Without input sanitization, the user can make the database interpret the user input as a SQL statement instead of as…
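To make the concatenation mistake concrete, here is an added example (not part of the original writeup or the TryHackMe lab code) that builds a small in-memory SQLite table standing in for the employee database and looks up an employee by name in two ways: once by concatenating the input into the SQL text, once with a bound parameter. The table, the employee names and the `find_by_name_*` functions are all constructed for this illustration. The point of interest is that with concatenation a legitimate name containing an apostrophe already produces a SQL syntax error, which is the first sign that user input is reaching the parser, and a tautology in the input rewrites the `WHERE` clause; the parameterised version treats the same inputs purely as data.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for the lab's employee database (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id INTEGER PRIMARY KEY, name TEXT, dept TEXT)")
    conn.executemany(
        "INSERT INTO employees (name, dept) VALUES (?, ?)",
        [("Alice", "HR"), ("Bob", "IT"), ("O'Brien", "IT")],
    )
    return conn


def find_by_name_vulnerable(conn, name):
    # String concatenation: the user's text becomes part of the SQL statement itself.
    query = "SELECT name, dept FROM employees WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def find_by_name_safe(conn, name):
    # Parameterised query: the driver binds the input as a value; it is never parsed as SQL.
    query = "SELECT name, dept FROM employees WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def demo():
    conn = make_db()
    results = {}

    # Ordinary input behaves the same in both versions.
    results["vuln_normal"] = find_by_name_vulnerable(conn, "Alice")
    results["safe_normal"] = find_by_name_safe(conn, "Alice")

    # A legitimate name with an apostrophe breaks the hand-built query:
    # the database sees  ... WHERE name = 'O'Brien'  and rejects it.
    try:
        find_by_name_vulnerable(conn, "O'Brien")
        results["vuln_apostrophe"] = "no error"
    except sqlite3.OperationalError:
        results["vuln_apostrophe"] = "syntax error"
    results["safe_apostrophe"] = find_by_name_safe(conn, "O'Brien")

    # Textbook tautology: concatenated, the WHERE clause becomes always true and
    # every row is returned; bound as a parameter, it matches no employee at all.
    payload = "x' OR '1'='1"
    results["vuln_payload"] = find_by_name_vulnerable(conn, payload)
    results["safe_payload"] = find_by_name_safe(conn, payload)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The apostrophe case is worth remembering on the defensive side: a stack of database syntax errors in the application log triggered by ordinary-looking input is often the earliest indicator that a query is being assembled by concatenation.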