SQL Injection
SQL Injection (SQLi) is one of the most well-known and critical vulnerabilities in web applications. It occurs when user input is not properly validated before being included in an SQL query, allowing attackers to interfere with the underlying database. This category of labs explores various SQLi techniques, from classic attacks to more advanced variations such as blind, time-based, and second-order injections.
The following exercises cover different scenarios where SQLi is possible. The aim is to understand how it works, how to exploit it, and, most importantly, how to prevent it.
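The root cause and its fix, as an added example that is not taken from the labs: the same lookup written with string concatenation and with a bound parameter, run against a constructed in-memory SQLite database. The table, function names and sample inputs are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory database with two sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("O'Brien", "user")])
    return db

def find_user_vulnerable(db, name):
    # Vulnerable: input is pasted into the SQL text, so quotes in `name`
    # become part of the query structure.
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_user_safe(db, name):
    # Hardened: the placeholder sends `name` as a bound value; the SQL
    # text is fixed and the input can only ever be compared as data.
    return db.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()

def demo():
    db = make_db()
    crafted = "nobody' OR '1'='1"  # constructed sample input
    results = {
        "vulnerable_crafted": find_user_vulnerable(db, crafted),
        "safe_crafted": find_user_safe(db, crafted),
        "safe_apostrophe": find_user_safe(db, "O'Brien"),
    }
    try:
        find_user_vulnerable(db, "O'Brien")
        results["vulnerable_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # A legitimate name breaks the concatenated query's syntax.
        results["vulnerable_apostrophe"] = "syntax error"
    return results

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

The concatenated query returns every row for the crafted input and fails outright on a legitimate name containing an apostrophe, while the parameterized query handles both as plain data.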