Aditya Singh

Hello Guys! You’re warm welcome in this advance hacking blog. We have learned various Topics about CyberSecurity from here, but that is no end. again, we are going to make this post also interesting one of them. Now today I came here to share about How to perform Manual SQL injection?

What is SQL injection (SQLi)?

SQL injection is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally allows an attacker to view data that they are not normally able to retrieve. 

This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application’s content or behavior.

In some situations, an attacker can escalate an SQL injection attack to compromise the underlying server or other back-end infrastructure or perform a denial-of-service attack.

Disclaimer! This Post does not Promote or encourage Any illegal activities, all contents provided by This Website is meant for EDUCATIONAL PURPOSE only.

How to perform Manual sql injection?

Pre-requisites:

1. Knowledge of SQL (Structured Query Language), basics (CREATE, READ, UPDATE, DELETE)
2. Backend Technologies (PHP, JSP, etc.) 
3. Web application basics

Working Methodology

Application says: 

    Enter a User ID – 

Backend Query:

SELECT first name, last name FROM users WHERE user_id – ‘$id’;

User Input: 1

Backend Query:

SELECT first name, last_name FROM users WHERE user_id = ‘1’;

Read more