Cross Site Scripting (XSS) Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications, such as web browsers through breaches of browser security, that enables attackers to inject client-side script into Web pages viewed by other users. So let say that Cross Site Scripting (XSS) was a hacking … Read more
SQL Injection is a SQL query injection technique that can break the database. It stand at the top of OWASP TOP 10 vulnerability. Here is the link to the OWASP TOP 10 : https://owasp.org/www-project-top-ten/ . In SQL injection first we have to find out the target. The target can be any possible are where sql query is getting executed. For example user login, selecting category on eCommerce website, tracking id and other places.
This is most easiest SQL injection. In the payload and the result of the payload, what the payload done both are visible on the single website. Kaileena will pass the payload and able to see the result of this payload on the same page.
The most common examples are: Error bases Injection and Union bases Injection.
Now consider a situation where there will be no error messages and server handled the error message finely so Kaileena is now not able to see those errors to be sure that there is SQL injection here. So the second this she can try is Blind SQL injection.
This is bit time taking and still same lethal as the earlier one. It can be exploit either by exploiting with boolean or by time delay.
The most common example of Inferential SQLi are : Boolean based and Time based.