Learning Topics
- SQL Injection
- SonarQube
SQL Injection
-
SQL injection can cause authentication bypass
-
It can also retrieve data
-
can change user passwords
-
First Order SQL injection
- When applications use user-submitted input directly in an SQL query
-
Second Order SQL Injection
- When user input gets stored in an SQL DB
-
SQLi cheet sheet https://portswigger.net/web-security/sql-injection/cheat-sheet
-
stacked queries - https://www.sqlinjection.net/stacked-queries/-
-
union queries - https://www.mysqltutorial.org/mysql-basics/mysql-union/
-
logining into a remote mysql DB
mysql -u root -h 94.237.55.96 -P 32844 -p
MySQL commands
INSERT- Allows you to add new records to a DB
INSERT INTO table_name VALUES (column1_value, column2_value, column3_value, ...);INSERT INTO table_name(column2, column3, ...) VALUES (column2_value, column3_value, ...);- Multiple docs example
INSERT INTO logins(username, password) VALUES ('john', 'john123!'), ('tom', 'tom123!');
- ALTER
- Changes the name of any table and any of its fields or to delete or add a new column to an existing table
- Example adding a new column to a table
ALTER TABLE logins ADD newColumn INT;
- Example rename column
ALTER TABLE logins RENAME COLUMN newColumn TO newerColumn;
- Example change a columns datatype
ALTER TABLE logins MODIFY newerColumn DATE;
- Example drop a column
ALTER TABLE logins DROP newerColumn;
- Example adding a new column to a table
- Changes the name of any table and any of its fields or to delete or add a new column to an existing table
- UPDATE
- can be used to update specific records within a table, based on certain conditions.
- Example of changing a password
UPDATE logins SET password = 'change_password' WHERE id > 1;