Cyber Security Academy · Lesson

Testing for Injection Vulnerabilities

Use SQLMap, manual payloads, and Burp to test for SQL, command, and LDAP injection.

Injection Vulnerability Classes

Injection occurs when untrusted data is sent to an interpreter as part of a command or query. Because the interpreter cannot distinguish data from commands, it executes attacker-controlled logic. SQL, command, LDAP, XPath, and template injection all belong to this class.

SQL Injection: Manual Testing

Start with simple payloads to probe for SQL injection. A single quote causes a SQL syntax error in vulnerable apps. Check error messages, response length differences, and response time.

# Test for SQLi:
' -- basic quote
'' -- doubled quote
1' OR '1'='1 -- always-true
1; DROP TABLE users -- statement terminator

# In URL:
https://target.com/item?id=1'
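To see why these probes give different signals, here is an added example (not part of the lesson) that runs the same payloads against a constructed in-memory SQLite table through a concatenated query and through a parameterised one; the `items` table, the lookup functions and the `probe` helper are all assumptions made for this illustration.

```python
import sqlite3

# Constructed sample catalogue so the example runs offline.
SCHEMA = [
    "CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)",
    "INSERT INTO items VALUES (1, 'widget'), (2, 'gadget'), (3, 'gizmo')",
]


def make_db():
    conn = sqlite3.connect(":memory:")
    for stmt in SCHEMA:
        conn.execute(stmt)
    return conn


def lookup_vulnerable(conn, item_id):
    """String concatenation: the interpreter parses the value as SQL."""
    sql = "SELECT name FROM items WHERE id = '" + item_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_hardened(conn, item_id):
    """Bound parameter: the value is passed as data and never parsed as SQL."""
    sql = "SELECT name FROM items WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (item_id,))]


def probe(conn, lookup, payload):
    """Return ('ok', rows) or ('error', message): the two signals the lesson
    says to watch (error text and response length / row count)."""
    try:
        return ("ok", lookup(conn, payload))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    for payload in ["1", "'", "1'", "1' OR '1'='1"]:
        print(repr(payload), probe(db, lookup_vulnerable, payload),
              probe(db, lookup_hardened, payload))
```

With the concatenated query the lone quote produces a syntax error and the always-true payload returns every row, while the parameterised query returns exactly one row for `1` and nothing for the malformed values; that contrast is the detection signal and the fix in one place.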
