How to learn SQL injection

In my previous post in the hacker series, we noted that SQL injection remains a top method for exploiting security vulnerabilities. Accordingly, here is a list of resources to learn SQL injection.


SQL injection is a code injection technique that exploits a security vulnerability in an application’s software. The vulnerability happens when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.
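The two failure modes named above (input pasted inside a string literal, and input that is never strongly typed) are shown below next to their fixes. This is an added example, not code from the original post; the table, the function names and the sample inputs are constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def by_name_unsafe(conn, name):
    # Flaw 1: the input is pasted inside a string literal, so a quote in the
    # input ends the literal and the rest is parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def by_id_unsafe(conn, user_id):
    # Flaw 2: a "numeric" parameter that is never checked to be a number.
    sql = "SELECT name FROM users WHERE id = " + user_id
    return [row[0] for row in conn.execute(sql)]

def by_name_safe(conn, name):
    # Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def by_id_safe(conn, user_id):
    # Strong typing first (int() raises ValueError on anything else), then bind.
    sql = "SELECT name FROM users WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (int(user_id),))]

if __name__ == "__main__":
    conn = make_db()
    quoted = "nobody' OR '1'='1"   # constructed input that closes the literal
    untyped = "0 OR 1=1"           # constructed input that is not a number
    print(by_name_unsafe(conn, quoted))   # condition is always true: all rows
    print(by_name_safe(conn, quoted))     # treated as one odd name: no rows
    print(by_id_unsafe(conn, untyped))    # condition is always true: all rows
    try:
        by_id_safe(conn, untyped)
    except ValueError as exc:
        print("rejected before reaching the database:", exc)
```

The safe versions need no escaping logic at all: the query text is a constant, so nothing in the input can change its structure.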

Basic Tools

  • SQL Inject Me

SQL Inject Me is the Exploit-Me tool used to test for SQL Injection vulnerabilities.

The tool works by submitting your HTML forms and substituting the form value with strings that are representative of an SQL Injection attack. The tool works by sending database escape strings through the form fields. It then looks for database error messages that are output into the rendered HTML of the page.

The tool does not attempt to compromise the security of the given system. It looks for possible entry points for an attack against the system. There is no port scanning, packet sniffing, password hacking or firewall attacks done by the tool.
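The signal SQL Inject Me looks for, a database error message in the rendered HTML, can be checked against your own pages. The added example below (not code from the tool or from the original post) runs that check on two hypothetical handlers for the same search form: one that concatenates input and echoes the driver error, and one that binds the parameter and renders a generic message. The handler names, the signature list and the sample data are assumptions made for illustration.

```python
import html
import re
import sqlite3

# Error fragments commonly emitted by database engines (not exhaustive).
DB_ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",   # MySQL
    r"unterminated quoted string",             # PostgreSQL
    r"Unclosed quotation mark",                # SQL Server
    r"unrecognized token|syntax error",        # SQLite and generic
]

def find_db_errors(page):
    """Return the signatures that appear in a rendered page."""
    return [sig for sig in DB_ERROR_SIGNATURES if re.search(sig, page, re.I)]

def make_db():
    conn = sqlite3.connect(":memory:")  # constructed sample data
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn

def render(rows):
    return "<ul>" + "".join("<li>%s</li>" % html.escape(r[0]) for r in rows) + "</ul>"

def search_page_leaky(conn, name):
    # Hypothetical handler: concatenated query, raw driver error shown to the user.
    try:
        sql = "SELECT name FROM users WHERE name = '" + name + "'"
        return render(conn.execute(sql).fetchall())
    except sqlite3.Error as exc:
        return "<p class='error'>%s</p>" % html.escape(str(exc))

def search_page_hardened(conn, name):
    # Bound parameter; a driver error would be logged server-side, never rendered.
    try:
        rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    except sqlite3.Error:
        return "<p class='error'>Something went wrong.</p>"
    return render(rows)

if __name__ == "__main__":
    conn = make_db()
    probe = "alice'"  # a form value with one trailing single quote
    print(find_db_errors(search_page_leaky(conn, probe)))     # signature found
    print(find_db_errors(search_page_hardened(conn, probe)))  # nothing leaked
```

A clean result from this check only shows that errors are not leaking into the page; it is the bound parameter in the hardened handler that removes the injection itself.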

  • Hackbar


This toolbar will help you in testing SQL injections, XSS holes and site security. It is NOT a tool for executing standard exploits and it will NOT teach you how to hack a site.

  • SQLMap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Basic Tutorials (in order of learning)

A site for testing SQL Injection attacks. It is a test system and can be used for honing your SQL Skills.


Intermediate Tutorials on End to End SQL Injection

Step 1: Finding Vulnerable Website:

Step 2: Checking the Vulnerability:

To check the vulnerability, add a single quote (‘) at the end of the URL and hit enter.

If you get an error message, then it means that the site is vulnerable.

Step 3: Finding Number of columns:

Step 4: Find the Vulnerable columns:

Step 5: Finding version, database, user

Step 6: Finding the Table Name

Step 8: Finding the Admin Panel:



  • Next Tutorial uses an automated tool called Havij  from

and the tutorial is at

Hacking for Beginners- Top Website Hacks

I really liked this 2002 presentation on Website Hacks at . It explains in an easy manner some common fundamentals in hacking websites. Take time to go through this. It's a good example of how hacking tutorials need to be created if you want to expand the number of motivated hackers.

However a more recent list of hacks is here-

The Top Ten

  1. CRIME by Juliano Rizzo and Thai Duong
  2. Pwning via SSRF (memcached, php-fastcgi, etc)
  3. Chrome addon hacking
  4. Bruteforce of PHPSESSID
  5. Blended Threats and JavaScript
  6. Cross-Site Port Attacks
  7. Permanent backdooring of HTML5 client-side application
  8. CAPTCHA Re-Riding Attack
  9. XSS: Gaining access to HttpOnly Cookie in 2012
  10. Attacking OData: HTTP Verb Tunneling, Navigation Properties for Additional Data Access, System Query Options ($select)

Honorable Mention

11. Using WordPress as an intranet and internet port scanner

12. .Net Cross Site Scripting – Request Validation Bypassing

13. Bruteforcing/Abusing search functions with no-rate checks to collect data

14. Browser Event Hijacking

But a more widely used ranking method for website hacking is here. Note that it is a more formal, and probably more recent, document than the PDF above. If only it could be made into an easier-to-read tutorial, it would greatly improve the strength of website security against exploits.

The Release Candidate for the OWASP Top 10 for 2013 is now available here: OWASP Top 10 – 2013 – Release Candidate

The OWASP Top 10 – 2013 Release Candidate includes the following changes as compared to the 2010 edition:

  • A1 Injection
  • A2 Broken Authentication and Session Management (was formerly A3)
  • A3 Cross-Site Scripting (XSS) (was formerly A2)
  • A4 Insecure Direct Object References
  • A5 Security Misconfiguration (was formerly A6)
  • A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
  • A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
  • A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
  • A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
  • A10 Unvalidated Redirects and Forwards

Once again, I am presenting this as an example of how lucid documentation can help spread technological awareness to people affected by technical ignorance and lacking the savvy and chops for self-learning. If you need better cyber security, you need better documentation and tutorials on hacking for improving the quantity and quality of the pool of available hackers and bringing in young blood to enhance your cyber security edge.

Countering Communist China’s CyberWar

How the West Counters China

  • Using United Nations and WTO to present evidence to push for financial penalties
  • Define cyber-retaliation rules of engagement and doctrine for hacking attacks
  • Delineate the obfuscation between Anonymous, State Sponsored Hacks, Hacktivism, Cyber Criminals, and build clear rules of engagement
  • Provoke Chinese Naval and Air Assets (using the Opium War’s lessons)
  • Create a digital cyber-warfare alliance using Australia, Japan, Taiwan, South Korea, India, Tibetan Exiles and NATO

How China can counter the West

  • Build a dossier of false or misplaced allegations that are leveled at China and use them when something sticks
  • Highlight Western Government’s breaches of citizen privacy and digital surveillance
  • Highlight efforts of intellectual property theft, monopolistic actions and industrial espionage in the West
  • Host more black hat conferences within Macau and Hong Kong if not mainland China
  • Support Anonymous and Digital Activism as potential allies

“The supreme art of war is to subdue the enemy without fighting.” ― Sun Tzu