SQL Injection

Read this: https://ctf101.org/web-exploitation/sql-injection/what-is-sql-injection/

  1. What is SQL injection? What is a database injection other than SQL?
  2. What are the different types of SQL injection?

As a helpful hint, 95% of SQL injects in basic challenges are as simple as pasting ' OR '1'='1 after a username or password. Truly wonderful.

In advanced challenges, SQL injects can be incredibly complicated and take days to figure out how to exploit after you initially identify that the site is vulnerable.

Relevant XKCD: https://xkcd.com/327/