My First Real Hack
When I first heard the term SQL Injection, it sounded like a hacker myth - something you'd see in movies, not real life. But curiosity took over. I had to know: Can someone truly hack a login with just a few characters?
I started from scratch. Nights filled with trial and error, reading articles, solving challenges, and building my own test labs. It was confusing, frustrating, but wildly exciting. I wasn't just learning code - I was learning how attackers think.
Setting Up My First Test Lab
I created a simple login system using PHP and MySQL - deliberately vulnerable, no input validation. Here's what the backend looked like:
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysqli_query($conn, $query);
Then came the moment. I opened the login page and entered:
' OR 1=1 --
Password? Left blank. I hit "Login"... and boom - I was in! That was the exact moment I realized what SQLi really means: it's not just a bug. It's a door - and I had just walked through it.
What Just Happened?
The query the server actually executed became:
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = ''
-- comments out the rest of the query.
1=1 is always true.
Result? The database returns all users, and the app logs me in without credentials.
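An added example, not part of the original post: the same login check with a bound parameter, so the input from the lab is compared as data instead of being parsed as SQL. It uses PDO with an in-memory SQLite database in place of the lab's mysqli/MySQL so it runs without a server (with mysqli the same pattern is prepare() plus bind_param()); the table layout, the password_hash column and the sample account are assumptions.

```php
<?php
// Added example: hardened form of the lab login. Schema, password_hash column
// and the sample account are constructed for this demo.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');   // stand-in for the lab's MySQL server
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted hash, never the password itself.
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Hash to compare against when the user does not exist.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

function login(PDO $db, string $username, string $password): bool
{
    // The SQL text is fixed; the username travels as a bound value, so quotes
    // and comment markers inside it never change the structure of the query.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();   // false when no row matched

    if ($hash === false) {
        // Unknown user: still do one hash comparison so timing stays similar.
        password_verify($password, DUMMY_HASH);
        return false;
    }
    // The password is checked in PHP against the stored hash, not in the query.
    return password_verify($password, $hash);
}

// Constructed inputs: valid login, wrong password, and the lab's input.
$cases = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ["' OR 1=1 --", ''],
];
foreach ($cases as [$user, $pass]) {
    $outcome = login($db, $user, $pass) ? 'logged in' : 'rejected';
    printf("%-16s => %s\n", var_export($user, true), $outcome);
}
```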
Practice, Challenges & Growth
That was just the beginning. I went all-in - solving challenges on platforms like DVWA, bWAPP, and building my own local labs with Docker. I learned techniques like:
- Union-based SQLi: merging data from other tables
- Error-based SQLi: extracting info through error messages
- Blind SQLi: true/false logic without visible output
I practiced every day. I failed a lot. But each failure taught me something new - how to fingerprint databases, count columns, find injectable fields, and extract data.
What I Learned
That first hack wasn't just about bypassing a login - it changed how I see the web. Every form, every input field... could be a potential attack surface. I now write and audit code like a hacker would attack it.
New to hacking? Don't be discouraged. Every exploit you master takes you one step deeper into understanding how the web truly works.
Got questions or want to share your first hack with me? I'd love to hear from you.
hunterologist@gmail.com