hands-on lab

Perform a SQL Injection (SQLi) Attack

Intermediate
30m
406
4.4/5
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Injection vulnerabilities allow attackers to relay malicious code through an application to another system. An example of another system is a SQL database. When SQL databases are targeted the injection attack is called a SQL injection (SQLi). Injection vulnerabilities may arise any time an interpreter is used. Attackers depend on flaws in interpreting to cause unexpected behaviors.

The Open Web Application Security Project (OWASP) ranks injection vulnerabilities as the number one web application security risk in its top ten list. SQL injection is one of the most common types of injection vulnerabilities.

This Lab demonstrates a SQLi attack. By allowing user input to form part of the SQL query that is executed, you will be able to extract data you should not have access to. You will use a web application that is intentionally vulnerable to illustrate the attack. 

You will use the web browser on a Kali Linux host to launch the attack on a web application running on a Metasploitable 2 host. Both hosts are running as virtual machines in a Hyper-V virtual environment.

This Lab is designed for the CREST Practitioner Security Analyst (CPSA) certification examination but is of value to security practitioners in general.

Learning Objectives

Upon completion of this Lab you will be able to:

  • Describe the elements of a SQL injection attacks
  • Test for SQL injection vulnerabilities
  • Perform SQL injection attacks
  • Understand how to prevent SQL injection attacks

Intended Audience

This Lab is intended for:

  • CREST CPSA certification examinees
  • Security practitioners
  • Web application developers

Prerequisites

You should be familiar with:

  • SQL basics are beneficial but not required

 

Updates

July 10th, 2020 - Enabled direct browser RDP connection for a streamlined experience

Environment before
Environment after
About the author
Avatar
Logan Rakai
Lead Content Developer - Labs
Students
212,316
Labs
222
Courses
9
Learning paths
55

Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.

LinkedIn, Twitter, GitHub

Covered topics
Lab steps
Performing a SQL Injection (SQLi) Attack