# SQL Injection

## Introduction

SQL injection, also known as SQLi, is **a common attack vector** that uses malicious SQL code to manipulate a backend database and access information that was not intended to be displayed. This information may include sensitive company data, user lists, or private customer details.

> **What is SQL?**
>
> SQL stands for **Structured Query Language**, a computer language for storing, manipulating, and retrieving data in a relational database. SQL is the standard language for relational database systems. MS SQL Server uses T-SQL, Oracle uses PL/SQL, the MS Access version of SQL is called JET SQL (native format), etc.

## Basics

* You can learn SQL injection basics from the links below.

{% embed url="<https://www.w3schools.com/sql/sql_injection.asp>" %}

{% embed url="<https://portswigger.net/web-security/sql-injection>" %}

## SQL Injection Cheat Sheet

{% embed url="<https://www.netsparker.com/blog/web-security/sql-injection-cheat-sheet>" %}

## SQLMap

* sqlmap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.
* It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches, from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

{% embed url="<https://github.com/sqlmapproject/sqlmap>" %}
GitHub Repo of SQLMap
{% endembed %}

#### After gaining knowledge of SQLMap, you should know:

* [ ] Enumeration of databases
* [ ] Enumeration of Tables in a Database
* [ ] Dump the data from the database
* [ ] Spawning an OS Shell with SQLMap

## Damn Small SQLi Scanner

**Damn Small SQLi Scanner** (DSSS) is a fully functional [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code.

{% embed url="<https://github.com/stamparm/DSSS>" %}

