Examples of data returned via successful SQL injection
I can find plenty of documentation on how SQL Injection works, but can't seem to find what the traffic looks like when it is successful. Would anyone have a .pcap, screenshot, or anything else they could provide that would show me some examples of what the response is when it is successful?


2 Posts
Hello Guy,

I suggest you learn 'from both sides'. Install DVWA ("Damn Vulnerable Web App" - dvwa.co.uk/) and try to find/abuse the SQL injections present in the application. At the same time, capture the traffic with tcpdump then replay it or analyze it to discover the network patterns...


712 Posts
ISC Handler
If you're a 504 alumni, there's a lab for SQL injection that you can re-do. There are some easter eggs in that lab - applying some of the lecture techniques beyond the lab will let you find even more stuff. Juice

12 Posts
SQL injection happens when you interpolate some content into a SQL query string, and the result modifies the syntax of your query in ways you didn't intend.

It doesn't have to be malicious, it can be an accident. But accidental SQL injection is more likely to result in an error than in a vulnerability.

The harmful content doesn't have to come from a user, it could be content that your application gets from any source, or even generates itself in code.

How does it cause vulnerabilities?

It can lead to vulnerabilities because attackers can send values to an application that they know will be interpolated into a SQL string. By being very clever, they can manipulate the result of queries, reading data or even changing data that they shouldn't be allowed to.

For examples you could visit here

Ajit Khodke

1 Posts
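An added example, not part of any post in this thread: the interpolation described in the last reply, shown with Python's built-in `sqlite3` module. The table, the sample rows and the function names are constructed for illustration. It runs the same three inputs through an interpolated query and a parameterized one, so the accidental case (an error) and the crafted case (a changed result set) can be compared with the hardened form.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory database, nothing touches disk.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("O'Brien", "obrien@example.test")],
    )
    return db

def lookup_interpolated(db, name):
    # Vulnerable form: the value becomes part of the SQL text,
    # so a quote inside it changes the syntax of the statement.
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "error: %s" % exc

def lookup_parameterized(db, name):
    # Hardened form: the value is bound as data and never parsed as SQL.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed inputs: a normal value, an accidental quote, a crafted value.
SAMPLES = ["alice", "O'Brien", "x' OR '1'='1"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value))
        print("  interpolated :", lookup_interpolated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With the interpolated query, the accidental quote produces a database error and the crafted value returns every row in the table instead of one; the parameterized query returns exactly the matching row, or none, for all three inputs.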
