Tags: php, sql, sql-injection

Detecting vulnerabilities for SQL injection


I read about SQL injections and the classic methods to do them. I have also come across some tools like Burp Suite. However, the material seems quite outdated. Can you provide me with some pointers to good material on SQL injections? Note this is purely for educational purposes and is part of a hacking contest.

Thanks.


Solution

  • There are 2 parts you want to consider:

    1. Finding as much information as you can about the script.
    2. Actually exploiting it.

    Jignesh was talking about the first part. In the example Jignesh gave, you find out that the script is using MySQL, information about the server / files, and that he doesn't check the category parameter as an int (because he would do something to treat this situation; instead the query was run, and the result, expected to be an array, is probably empty).

    There are many methods for this first part, but I recommend you check sqlmap - it's a very awesome program I use for checking my websites.

    Moving on to the actual "hacking" - the most basic example is the one with the users:

    URL: login.php | POST info: user = "admin' OR 1 -- ", pass = ""
    $query = "SELECT * FROM users WHERE user = '{$_POST['user']}' AND password = '{$_POST['pass']}'";
    SQL: SELECT * FROM users WHERE user = 'admin' OR 1 -- ' AND password = ''
    Result: Selects all the users in the users table

    You can also check this tutorial: http://www.unixwiz.net/techtips/sql-injection.html
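As an added example (not code from the question or the answer above), here is the answer's string-built login query next to its parameterized form, plus the integer check the answer says the category parameter was missing. The page's PHP/MySQL is stood in for by Python's sqlite3 so it runs offline; the `users` rows, `make_db` and `parse_category` are constructed for illustration.

```python
import re
import sqlite3

# Constructed stand-in for the answer's `users` table (sample rows, not real data).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2"), ("bob", "pa55")])
    return conn

def login_vulnerable(conn, user, password):
    """Same flaw as the answer's PHP: the POST values are pasted into the SQL text,
    so the quote and `--` in the input rewrite the WHERE clause."""
    query = f"SELECT * FROM users WHERE user = '{user}' AND password = '{password}'"
    return conn.execute(query).fetchall()

def login_parameterized(conn, user, password):
    """Hardened form: bound parameters travel as data, so the same input is
    compared literally against the user column and matches nothing."""
    query = "SELECT * FROM users WHERE user = ? AND password = ?"
    return conn.execute(query, (user, password)).fetchall()

def parse_category(raw):
    """The check the answer points at: a parameter meant to be an integer is
    validated before it goes anywhere near a query."""
    if re.fullmatch(r"[0-9]+", raw) is None:
        raise ValueError(f"category must be an integer, got {raw!r}")
    return int(raw)

if __name__ == "__main__":
    conn = make_db()
    payload = "admin' OR 1 -- "          # the answer's payload, password left empty
    print("vulnerable   :", len(login_vulnerable(conn, payload, "")), "rows")     # 3
    print("parameterized:", len(login_parameterized(conn, payload, "")), "rows")  # 0
    for raw in ("7", "7 OR 1"):
        try:
            print("category", raw, "->", parse_category(raw))
        except ValueError as err:
            print("category", raw, "->", err)
```

The vulnerable function returns every row because `OR 1` is true for all of them and `--` comments out the password clause; the parameterized one returns nothing, since the whole payload is matched as a user name.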