Advanced Data Exfiltration with SQL Injection

This campaign introduces advanced SQL injection techniques to players to provide them with further knowledge of web exploitation and database enumeration. We will explore techniques such as time-based, error-based, and second-order SQL injections, exposing players to more complex and unique use cases

📄️ Time-Based Data Exfiltration with SQL Injection

This quest teaches you how to use SQL queries to cause time delays, use Burp Suite’s intruder and extract data from an SQL server with Time-based SQL Injection

📄️ Error-Based Data Exfiltration with SQL Injection

In this quest, you will learn how to use SQL queries to cause errors and extract data from an SQL server using Error-based SQL Injection. By the end, you will be able to exfiltrate data with response codes using Burp Suite's Intruder

📄️ Second-Order SQL Injection

In this quest, you will learn how to perform SQL injection attacks to retrieve data indirectly through OOB (Out-of-Band) SQL Injection. You will use SQL queries to send data to your computer and configure a DNS server to receive the data from an SQL server. Additionally, you will learn simple filter evasion techniques. By the end, you will be able to extract data from an SQL server using OOB SQL Injection

FULL OVERVIEW ?

Go To Campaign Page