One of my current weak points (and there are many) is SQL injection. I just can't quite pull them off yet.
Sure, I know the basics like the `or '1'='1'` stuff. Even then, it's a bit rocky for me. Where I really struggle is in trying to make sense of error messages and turn them into something useful.
I've been slowly working my way through PortSwigger's SQL injection labs (linked below). They've actually been really helpful in putting the pieces together for me. Concepts like UNION attacks are starting to make more sense. Working out the number of columns with ORDER BY and SELECT NULL makes much more sense than it did two days ago.
I'm also using W3Schools' SQL lessons, because they let me test some of the concepts against a database table I can see in real time. This helps me visualize what is going on behind the scenes in the SQLi labs I've been hammering away at. I want to get better at this and make it less about dumb luck or automated tools, and more about knowing how my query works and why. I've set up super-basic MySQL databases on a Raspberry Pi in the past just to learn the basic ideas, but it's a lot harder to make sense of queries when a website abstracts them away from you and never shows you the tables.
Now that I'm putting both pieces together, it's starting to make sense and hopefully I can become more proficient with my SQL injection attacks as I continue practicing.
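As an added example (not from this post or from the linked labs), here is a small self-contained Python script that puts the column-count idea next to its fix: the same lookup written with string concatenation and with a bound parameter, plus a regression check a developer can run against their own code to see whether a lookup accepts a `UNION SELECT NULL` probe. The table, rows and function names are all constructed for the demo.

```python
import sqlite3
from typing import Callable, List, Optional, Tuple

Row = Tuple  # one result row as returned by sqlite3

# Constructed sample table for the demo; not data from any real site or lab.
SCHEMA = """
CREATE TABLE products (id INTEGER, name TEXT, category TEXT);
INSERT INTO products VALUES (1, 'Mug', 'Gifts'), (2, 'Lamp', 'Home');
"""


def make_db() -> sqlite3.Connection:
    """Return an in-memory SQLite database holding the constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_concat(conn: sqlite3.Connection, category: str) -> List[Row]:
    """Vulnerable pattern: input is spliced into the SQL text, so a quote in
    `category` closes the string literal and whatever follows is parsed as SQL."""
    sql = f"SELECT id, name FROM products WHERE category = '{category}'"
    return conn.execute(sql).fetchall()


def lookup_param(conn: sqlite3.Connection, category: str) -> List[Row]:
    """Fixed pattern: a bound parameter is always a value, never SQL text."""
    sql = "SELECT id, name FROM products WHERE category = ?"
    return conn.execute(sql, (category,)).fetchall()


def union_column_count(conn: sqlite3.Connection,
                       lookup: Callable[[sqlite3.Connection, str], List[Row]],
                       max_cols: int = 5) -> Optional[int]:
    """Regression check for your own code: feed the lookup the 'SELECT NULL'
    column-count probes from the labs. A wrong count fails with the UNION
    column-mismatch error; the right count adds an all-NULL row, and that
    count is returned. None means no probe was accepted (not injectable)."""
    for n in range(1, max_cols + 1):
        probe = "' UNION SELECT " + ", ".join(["NULL"] * n) + "--"
        try:
            rows = lookup(conn, probe)
        except sqlite3.OperationalError:
            continue  # column-count mismatch error: this n is wrong
        if (None,) * n in rows:
            return n
    return None
```

Against the concatenated lookup the check reports 2 (the real column count of the query) after the first probe fails with the mismatch error; against the parameterised lookup every probe is just a category string that matches nothing, so it reports None.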
You really should check out both:
- PortSwigger SQL Injection Labs - https://portswigger.net/web-security/sql-injection/union-attacks
- W3Schools SQL Tutorial - https://www.w3schools.com/sql/