Private Testing Phase

Tomanator.dev is currently in private testing. If you want an account or early access to break things before launch, let's talk.

A03:2021-Injection

Core Lesson

Hand-crafted

SQL Injection

One of the oldest and most dangerous web vulnerabilities. Learn how simple unescaped strings can open your entire database to the world.

Concept Overview

Imagine a search bar where you type 'Shoes'. The app runs: SELECT * FROM products WHERE name = 'Shoes'.

An attacker types: ' OR 1=1 --. The app now runs: SELECT * FROM products WHERE name = '' OR 1=1 --'.

Because 1=1 is always true, the database returns every single row. The -- tells the database to ignore the rest of the original query.

Accessing Hub

Decrypting technical data...