Question

SQL injections are an exciting vulnerability to find and exploit, so dive into finding one on a practice application or bug bounty program. Since SQL injections are sometimes quite complex to exploit, start by attacking a deliberately vulnerable application like the Damn Vulnerable Web Application for practice, if you’d like. You can find it at http://www.dvwa.co.uk/ . Then follow this road map to start finding real SQL injection vulnerabilities in the wild:

SQL 注入是一种令人兴奋的漏洞，您可以在练习应用程序或漏洞赏金计划中寻找并利用它们。由于 SQL 注入有时很复杂，因此如果您想练习，请从攻击一个有意被攻击的应用程序开始，比如 Damn Vulnerable Web Application。您可以在 http://www.dvwa.co.uk/找到它。然后按照以下路线图开始在野外找到真正的 SQL 注入漏洞：

1. Map any of the application’s endpoints that take in user input.
2. Insert test payloads into these locations to discover whether they’re vulnerable to SQL injections. If the endpoint isn’t vulnerable to classic SQL injections, try inferential techniques instead.
3. Once you’ve confirmed that the endpoint is vulnerable to SQL injections, use different SQL injection queries to leak information from the database.
4. Escalate the issue. Figure out what data you can leak from the endpoint and whether you can achieve an authentication bypass. Be careful not to execute any actions that would damage the integrity of the target’s database, such as deleting user data or modifying the structure of the database.
5. Finally, draft up your first SQL injection report with an example payload that the security team can use to duplicate your results. Because SQL injections are quite technical to exploit most of the time, it’s a good idea to spend some time crafting an easy-to-understand proof of concept.