Name a method of protecting yourself from an SQL Injection exploit. Answer: Prepared Statements (also known as parameterized queries). Prepared statements separate SQL logic from user data: the database compiles the SQL query template first, then binds the user input strictly as data, never as executable code, so the input cannot alter the structure of the query.
We can escalate privileges by injecting the following query: `1' UNION SELECT 'admin', 'admin', 'admin' INTO users -- `. This query will create a new user with admin privileges.
In this lab, we will explore SQL injection vulnerabilities and learn how to exploit them. SQL injection is a type of web application security vulnerability that allows an attacker to inject malicious SQL code into the queries a web application sends to its database.