reddit hackernews mail facebook facebook linkedin

Vulnerability - SQL Injection aka SQLi

Description

SQL Injection overview by OWASP

SQL injection by Wikipedia

SQL statement in request parameter by PortSwigger
SQL injection (basic) by PortSwigger
SQL injection (second order) by PortSwigger
Client-side SQL injection (DOM-based) by PortSwigger
Client-side SQL injection (reflected DOM-based) by PortSwigger
Client-side SQL injection (stored DOM-based) by PortSwigger

Articles

The Ultimate SQL Injection Payload by Detectify

Videos

DEFCON 17: Advanced SQL Injection
Hacktivity 2012 - Joe McCray - Big Bang Theory - Pentesting high security environments

Tools

Sqlmap by Miroslav Stampar