# Week-1

### What is SQL injection (SQLi)?

SQL injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. This can allow an attacker to view data that they are not normally able to retrieve. This might include data that belongs to other users, or any other data that the application can access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.
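The definition above, shown as a query built by string concatenation beside its parameterized form, with a regression check a developer can keep in a test suite. This is an added example, not code from the original page; the `notes` table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows for two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO notes VALUES (?, ?)",
        [("alice", "alice-note-1"), ("alice", "alice-note-2"),
         ("bob", "bob-private-note")],
    )
    return conn

def notes_concat(conn, owner):
    """Vulnerable: the input is pasted into the SQL text, so it is parsed as SQL."""
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]

def notes_param(conn, owner):
    """Hardened: the input is bound to a placeholder and stays a plain value."""
    sql = "SELECT body FROM notes WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]

def leaks_other_owners(query_fn, conn, owner_input, allowed):
    """Regression check: True if the query returned rows outside `allowed`."""
    return any(body not in allowed for body in query_fn(conn, owner_input))

# Constructed test input: the quote closes the string literal, so in the
# concatenated query the rest becomes part of the WHERE clause.
CRAFTED = "alice' OR '1'='1"
ALICE_NOTES = {"alice-note-1", "alice-note-2"}

if __name__ == "__main__":
    conn = make_db()
    for fn in (notes_concat, notes_param):
        print(fn.__name__, "normal :", fn(conn, "alice"))
        print(fn.__name__, "crafted:", fn(conn, CRAFTED))
        print(fn.__name__, "leaks  :",
              leaks_other_owners(fn, conn, CRAFTED, ALICE_NOTES))
```

With the placeholder, the database receives the query text and the value separately, so the crafted string is only ever compared against the `owner` column and matches nothing.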

## Task-1:

Learn the basics of SQL from these resources; they will help you when working on SQL injection.

{% embed url="<https://www.youtube.com/watch?v=xiUTqnI6xk8>" %}
Basics of SQL required for SQLi
{% endembed %}

The above video by NetworkChuck is more than sufficient to master the basics of SQL. If you're looking to delve deeper, explore the following resources.

1. <https://www.w3schools.com/sql/sql_intro.asp>
2. <https://www.youtube.com/watch?v=HXV3zeQKqGY>

## Task-2:

Let's get started with SQL injection now.

{% embed url="<https://youtu.be/wX6tszfgYp4>" %}

2. **Check out the PortSwigger blog on SQLi**

{% embed url="<https://portswigger.net/web-security/sql-injection>" %}

3. **Grab this SQLi cheat sheet; it will be more useful when you start solving the labs**

{% embed url="<https://portswigger.net/web-security/sql-injection/cheat-sheet>" %}

4. **Start solving the SQLi labs and remember to take notes while you enjoy your way through the labs.**

{% embed url="<https://portswigger.net/web-security/all-labs#sql-injection>" %}

## Task-3:

There is a powerful tool called sqlmap that automates SQL injection. I highly recommend checking it out. The resources below are for reference; sqlmap is a very large tool, so do explore it on your own.

1. <https://hackertarget.com/sqlmap-tutorial/>
2. <https://www.sqlinjection.net/sqlmap/tutorial/>

## Conclusion:

In conclusion, SQL injection (SQLi) is an age-old vulnerability that continues to exist widely. Despite technological progress, this security flaw persists, highlighting the ongoing need for robust measures to protect databases and web applications.

If you face any difficulties while learning, please contact the web team of 1nf1n1ty.


