Advanced SQL Injection Attack Techniques Explained by a Simulated Hacking Practitioner: PART 2

Advanced/Applied SQL Injection Attack Techniques You've Never Seen Before!
We present a new direction for mock hacking attacks.

📖 A series of SQL Injection attacks taught by a mock hacking expert!

• PART(1) : Basics / Practical Attacks / Secure Coding ◀ Previous lecture
  This training covers the most important content in SQL Injection attacks. You can learn attack techniques used in practice from the basics, various countermeasures, and secure coding. This is a required training that serves as the basis for subsequent training.

• PART(2) : Application / Advanced / Advanced ◀ Current lecture
  This is training on applied attack techniques and advanced attack techniques not covered in PART (1).

• PART(3) : Making an automated tool ◀ To be made
  This is a training course that applies the attack techniques learned to an automation tool to create a Python-based automation tool.

📖 Differences between SQL Injection Part 1 & 2!

If the previous lecture Part (1) was about the basics and principles of attacks, and the core theory and practice of attacks, this lecture covers the technical aspects of SQL Injection attacks . Therefore, Part (1) is the backbone of this lecture, so it is recommended that you take Part (1) first and then Part (2).

📖 How have SQL Injection attacks been carried out?

If any of the items below apply to you, you can solve them quickly and easily through this lecture!

• Have you ever been unable to attack in an environment where there are no posts on the bulletin board, or have you ever conducted a time-based attack?
• When performing Error-Based or Union-Based attacks, didn't you extract data one by one?
• In a Blind-Based attack, didn't you make at least 7 requests to infer one character?
• Did you know that file download vulnerability attacks are possible in the file download function linked to a database?
• Did you know that data retrieval attacks via Union-Based attacks are possible for file download functions linked to a DB?

💡 Why you absolutely must take this course!

This lecture covers not only known attack techniques, but also techniques that we discovered through our own research rather than well-known attack techniques. This attack technique presents a new direction for Blind-Based SQL Injection attacks !

The lecture also covers how this attack technique can be used to query data faster and more effectively than previously known attack techniques!

So... practitioners must definitely take this course, right!?

📖 Provides PHP-based practice bulletin boards for each DBMS!

We provide a practice bulletin board based on PHP-MYSQL, PHP-MSSQL, and PHP-ORACLE, through which you can practice SQL Injection for various DBMS.

🙋🏻‍♂️ Questions Q&A

Q. Can I understand Part (2) lecture if I haven't taken Part (1) lecture?
A. I highly recommend that you take the Part (1) lecture. I also recommend that you take this lecture after you have a sufficient understanding of SQL Injection attacks. If you have not taken Part (1) but have sufficient knowledge of SQL Injection attacks, there will be no major problems in taking Part (2), but there may be terms used or content that you are not familiar with, so I recommend that you take Part (1) if possible.

Q. Is this an attack technique that can be applied directly in practice?
A. Yes, of course! It can be applied immediately and attacks can be made more efficiently than existing technologies.

Q. Is there any information about countermeasures?
A. No, there isn't. For the countermeasures, please refer to the Part (1) lecture.

💡 Must-see lectures

Basic SQL Grammar for Successful SQL Injection Attacks
Basic Steps to Learn SQL Injection Attacks

SQL Injection Attack Techniques and Secure Coding: PART 1
SQL Injection Core Lecture! The Basics and Principles of Attacks!

※ Nanum font provided by Naver is used in this training PPT.