Brief Introduction to SQL Injection

SQL Injection is a technique for injecting SQL into the queries an application sends to its database, and it can break the database. It stands at the top of the OWASP Top 10 list of vulnerabilities. Here is the link to the OWASP Top 10: https://owasp.org/www-project-top-ten/ . In SQL injection the first step is to find the target, which can be any place where user-supplied input ends up in a SQL query that gets executed. For example the user login form, the category selector on an eCommerce website, a tracking-ID lookup and other such places.
 

There are three types of SQL injection.

1. In-Band SQLi (Classic SQLi) :

    This is the easiest SQL injection. The payload and the result of the payload (what the payload did) are both visible on the same website: Kaileena passes the payload and is able to see its result on the same page.
The most common examples are error-based injection and union-based injection.
 

2. Inferential SQLi(Blind SQLi):

Now consider a situation where there are no error messages, because the server handles errors properly, so Kaileena is no longer able to see those errors and confirm that there is SQL injection here. The second thing she can try is blind SQL injection.
This takes a bit more time but is just as lethal as the earlier one. It can be exploited either through boolean conditions or through time delays.
The most common examples of inferential SQLi are boolean-based and time-based.

3. Out-of-Bound SQLi: 

    This is a less common SQL injection. In this type Kaileena is not able to exploit it directly, because the payload is passed over one channel and the result becomes available through another channel. Examples are the xp_dirtree command in MS-SQL and UTL_HTTP in Oracle.
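As an added example (not code from the original post), here is the in-band case from above written against Python's built-in sqlite3 module: a login check that concatenates input into the query text beside the same check with bound parameters, run over a constructed sample user and constructed inputs. It shows both the error message the post says Kaileena looks for and why a parameterised query does not give her one.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample database with one user (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Untrusted input is pasted into the SQL text, so a quote in the input
    changes the structure of the query instead of being treated as a value."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Parameterised query: the driver binds name and password as values, so
    whatever characters they contain, the query structure cannot change."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def leaks_db_error(conn: sqlite3.Connection, name: str) -> bool:
    """In-band signal: a stray quote breaks the concatenated query and the
    database raises. Returns True when that error would surface to the caller."""
    try:
        login_vulnerable(conn, name, "x")
    except sqlite3.OperationalError:
        return True
    return False


def demo() -> dict:
    """Runs both versions against constructed inputs and reports the outcomes."""
    conn = make_db()
    tampered = "alice' OR '1'='1"  # constructed input that rewrites the WHERE clause
    return {
        "valid_login_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "valid_login_safe": login_safe(conn, "alice", "correct horse"),
        "tampered_vulnerable": login_vulnerable(conn, tampered, "wrong"),  # True: bypass
        "tampered_safe": login_safe(conn, tampered, "wrong"),              # False
        "quote_leaks_error_vulnerable": leaks_db_error(conn, "o'brien"),  # True
        "quote_safe": login_safe(conn, "o'brien", "x"),                   # False, no error
    }
```

The same bound-parameter form is the fix for every category the post lists, since blind and out-of-band injection also depend on the input reaching the query as SQL rather than as a value.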
 

 

Conclusion

This is just an introduction to SQL injection. If you like it, like, comment and share.
Stay tuned for more amazing articles.
