SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. This results in the potential manipulation of the statements performed on the database by the end user of the application —> Wikipedia

In this tutorial I will show how to take over a web server and gain full access to the DBMS via a SQL injection vulnerability with my lovely tool, SQLMap.



Some papers you should read to gain a solid understanding of SQL injection methodology:

SQL injection Not only AND 1=1

