Now that we have identified the SQL injection vulnerability, we can start extracting database information. We can use the following payload to extract the database version:

Now that we have extracted the database version, we can start extracting sensitive data. We can use the following payload to extract the database schema:

SQL injection is a type of web application security vulnerability that allows attackers to inject malicious SQL code into a web application’s database in order to extract or modify sensitive data. In this article, we will be focusing on the TryHackMe SQL Injection Lab, a popular online lab environment that allows users to practice and learn about SQL injection attacks.