CEH v13: SQL Injection

Click Here to Return To the Certified Ethical Hacker (CEH v13) Course Page #

SQL Injection is a dedicated module in the EC-Council CEH v13 course. This module covers injecting database commands through application input and the defenses that stop it. Test injection only against applications inside your authorized scope.

SQL injection happens when an application builds a database query from user input without sanitizing it. You insert SQL that the database runs as part of the query, which exposes or alters data.

Types of SQL Injection #

Error-based injection reads database errors. UNION-based injection appends a second query to merge attacker data into the result.

Authentication Bypass #

A login form that builds a query from input is a classic target.

-- Input that turns the WHERE clause always true
' OR '1'='1' --

When the application inserts this into a login query, the condition is always true and the comment sequence -- ignores the rest, which logs you in without a valid password.

Automating with SQLMap #

You confirm and exploit injection points quickly with SQLMap.

# Detect injection and enumerate databases
sqlmap -u "http://target.example/item?id=1" --dbs
sqlmap -u "http://target.example/item?id=1" -D appdb --tables

SQLMap fingerprints the database, extracts schemas and tables, and dumps credentials when a parameter is vulnerable.

Defenses #

You stop injection at the code level.

• Parameterized queries (prepared statements) separate code from data.
• Stored procedures with bound parameters reduce risk.
• Input validation rejects unexpected characters.
• Least privilege limits what a compromised query reaches.

Parameterized queries are the definitive fix, because the database never treats input as code.

Next Steps #

Move off the wire and into the air with Hacking Wireless Networks . Revisit the broader application surface in Hacking Web Applications . Return to the Certified Ethical Hacker (CEH v13) Course .