SQL Injection Labs – PortSwigger Web Security Academy

My notes for portswigger labs on SQLI

Detailed write-ups and walkthroughs of SQLi labs from PortSwigger Web Security Academy.

here you can find labs

---

📚 Resources

• SQL Injection Tutorial
• SQL Injection Cheat Sheet

---

View

🧪 Labs

No.	Lab Title	Category	Difficulty	Solution
1	SQL injection vulnerability in WHERE clause allowing retrieval of hidden data	In-Band	🟢 Apprentice	View
2	SQL injection vulnerability allowing login bypass	In-Band (Auth Bypass)	🟢 Apprentice	View
3	SQL injection with filter bypass via XML encoding	In-Band	🟡 Practitioner	View
4	SQL injection attack, querying the database type and version on Oracle	Examining DB	🟢 Apprentice	View
5	SQL injection attack, querying the database type and version on MySQL and Microsoft	Examining DB	🟢 Apprentice	View
6	SQL injection attack, listing the database contents on non-Oracle databases	Examining DB	🟡 Practitioner	View
7	SQL injection attack, listing the database contents on Oracle	Examining DB	🟡 Practitioner	View
8	SQL injection UNION attack, determining the number of columns	UNION Attacks	🟢 Apprentice	View
9	SQL injection UNION attack, finding a column containing text	UNION Attacks	🟢 Apprentice	View
10	SQL injection UNION attack, retrieving data from other tables	UNION Attacks	🟢 Apprentice	View
11	SQL injection UNION attack, retrieving multiple values in a single column	UNION Attacks	🟡 Practitioner	View
12	Blind SQL injection with conditional responses	Blind	🟡 Practitioner	View
13	Blind SQL injection with conditional errors	Blind	🟡 Practitioner	View
14	Visible error-based SQL injection	Blind	🟡 Practitioner	View
15	Blind SQL injection with time delays	Blind	🟢 Apprentice	View
16	Blind SQL injection with time delays and information retrieval	Blind	🟡 Practitioner	View
17	Blind SQL injection with out-of-band interaction	Blind (OOB)	🟡 Practitioner	View
18	Blind SQL injection with out-of-band data exfiltration	Blind (OOB)	🟡 Practitioner	Coming Soon!