
Perform SQL Injection using Burp Suite

Dr. Harish Joshi, Prof. UZMA KAUSAR, Prof. ASHOK BAWGE, SAI PRASAD, SHAIK UMAIR, METHUSHAEL ., SYED VIQAR AHMED

Abstract


SQL Injection (SQLi) remains one of the most critical and prevalent security vulnerabilities in web applications, enabling attackers to exploit backend databases by injecting malicious inputs. This paper focuses on the techniques employed to execute SQL Injection attacks using Burp Suite, a comprehensive tool for web application security assessment. It begins by summarizing various types of SQLi - such as Error-based, Union-based, and Blind SQL Injection - along with their associated risks. The discussion then transitions to practical, hands-on demonstrations utilizing Burp Suite components, including Proxy, Repeater, and Intruder, to identify and exploit these vulnerabilities. Special attention is given to the step-by-step process of capturing HTTP traffic, modifying query parameters, and interpreting server responses to uncover confidential information. Furthermore, the paper presents effective strategies for identifying and confirming SQLi issues in a simulated lab environment, emphasizing the importance of ethical hacking in enhancing cybersecurity skills. The overall objective is to equip security practitioners, educators, and learners with practical knowledge to detect, comprehend, and defend against SQL Injection threats.
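The three SQLi classes the abstract names (Error-based, Union-based, Blind) all come down to the same root cause: a request parameter is concatenated into SQL text instead of being bound as data. The following self-contained Python script is an added illustration, not code from the paper or from Burp Suite; it builds a constructed in-memory SQLite database, shows how a vulnerable `id` lookup reacts to each input class the way a tester would read it in Repeater (database error, extra rows, or row present/absent), and places the parameterized version beside it to show that the same inputs are rejected before any query runs. Table names, sample rows and the `secrets` table are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed sample database: two tables so a UNION has something to reach."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, note TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.execute("INSERT INTO secrets (note) VALUES ('constructed-secret-value')")
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_id):
    """Vulnerable pattern: the raw request parameter becomes part of the SQL text."""
    sql = "SELECT username, email FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, user_id):
    """Hardened pattern: validate the type, then bind the value as a parameter."""
    if not user_id.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT username, email FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


def classify_response(conn, user_id):
    """Summarize the server-side outcome the way a tester reads a response:
    ('error', message) for a database error, ('ok', row_count) otherwise."""
    try:
        rows = lookup_vulnerable(conn, user_id)
        return ("ok", len(rows))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    # Error-based: an unbalanced quote surfaces as a database error.
    print("error-based :", classify_response(db, "1'"))
    # Union-based: a second SELECT appends rows from another table.
    print("union-based :", lookup_vulnerable(db, "1 UNION SELECT note, NULL FROM secrets"))
    # Blind (boolean): the row disappears when the appended condition is false.
    print("blind true  :", lookup_vulnerable(db, "1 AND 1=1"))
    print("blind false :", lookup_vulnerable(db, "1 AND 1=2"))
    # Parameterized: the same inputs never reach the SQL parser.
    for bad in ("1'", "1 UNION SELECT note, NULL FROM secrets", "1 AND 1=2"):
        try:
            lookup_parameterized(db, bad)
        except ValueError as exc:
            print("rejected    :", repr(bad), "->", exc)
```

The `classify_response` helper is the part worth keeping when building detection or regression tests: a request whose only change is the quote character flipping the response from data to a database error is exactly the signal that marks the parameter as injectable, and the parameterized version makes that signal disappear because the parser never sees the attacker's text.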




