✔️ Unrestricted Access to web application data

✔️ Steal Credentials

✔️ Full control on a web application

Structured Query Language used to interact with backend databases

SQLi will allow us to take over SQL statements

• we will gain control over:

SQL basics:

• SQL statements syntax
• How to perform a query
• How to Union results of two queries
• How comments work

🟥 SQL statements

we know the basic syntax

• we can select constants
• UNION syntax
• the two strings you can use for comments

🟪 SQL queries inside web applications

to do the above from the web app, we should confirm that the web application:

• connected to the database
• submits queries to the database
• retrieve the results
• Static Query in a PHP example:
• Dynamic Query in a PHP example: