PwnKata
Start drilling free
Home Web Exploitation Blind SQL Injection
medium Coming soon Web

Blind SQL Injection

Blind SQL Injection distilled into repeatable single-technique reps on isolated targets.

Each rep changes the scenario details while keeping the technique atomic and solver-verified.

The target stays self-contained with no live third-party systems or real outbound dependency.

What you'll practice

blind SQL injection
drill workspace · session live
medium

Blind SQL Injection

Blind SQL Injection distilled into repeatable single-technique reps on isolated targets.

Objective

Recover the flag at /root/flag.txt and submit it.

Get notified when this drops

Start with the techniques that are live today.

Create a free account

Related web exploitation techniques

Web Live

SQL Injection: Auth Bypass

Drill authentication-bypass SQL injection by matching the payload to the query context.

easy
Web Live

OS Command Injection

Find where user input reaches a shell, then pick a payload form that survives the filter and response style.

medium
Web Live

SSRF via URL Parameter

Make the server fetch what it shouldn't. Internal targets are simulated safely inside the drill.

medium