Kitaab

SQLi

1970-01-01 00:00

SQL Injections

source: https://github.com/payloadbox/sql-injection-payload-list

Types:

  • In-Band SQL Injection - Usually used to exfiltrate data that isn't supposed to be accessible
  • Error-Based SQLi - Uses database errors to understand how to exploit the DB (which tables exist, how many columns, etc.)
  • Blind SQLi - The data is not returned with the input query, so we can't exfiltrate it
  • Union-Based SQLi - Uses SQL UNION to gather data from other tables in a single query
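
To make the union-based and error-based entries concrete, here is an added example (not from the payload list or the original notes) that runs a string-concatenated query next to a parameterized one on an in-memory SQLite database. The table names, rows and both input strings are constructed for the demonstration.

```python
import sqlite3

def make_db():
    """Constructed in-memory database: one public table, one private table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO products VALUES ('lamp', '20'), ('desk', '150');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def search_vulnerable(db, term):
    # Deliberately vulnerable: the input becomes part of the SQL text.
    query = "SELECT name, price FROM products WHERE name = '" + term + "'"
    return db.execute(query).fetchall()

def search_parameterized(db, term):
    # Hardened: the input is bound as a value and is never parsed as SQL.
    query = "SELECT name, price FROM products WHERE name = ?"
    return db.execute(query, (term,)).fetchall()

def db_error(search_fn, db, term):
    """Return the database error text a search raises, or None if it succeeds."""
    try:
        search_fn(db, term)
        return None
    except sqlite3.Error as exc:
        return str(exc)

# Constructed inputs. The first matches the two-column SELECT (union-based);
# the second has the wrong column count, so the database raises an error
# that would reveal query structure if echoed to the client (error-based).
UNION_INPUT = "x' UNION SELECT username, password_hash FROM users --"
MISMATCH_INPUT = "x' UNION SELECT username FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable   :", search_vulnerable(db, UNION_INPUT))
    print("parameterized:", search_parameterized(db, UNION_INPUT))
    print("error (vuln) :", db_error(search_vulnerable, db, MISMATCH_INPUT))
    print("error (param):", db_error(search_parameterized, db, MISMATCH_INPUT))
```

With bound parameters both inputs are treated as literal product names, so the search returns no rows and raises no error. Returning a generic error page instead of the raw database message removes the feedback that the error-based variant depends on.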