SQL Injection Error-based

SQL Injection error-base is a SQL Injection technique that must be returned due to some invalid injection without request.

Error messages can be used to return complete results or to get more information with invalid code injection to restructure the query for previous exploration.

This technique is also used in part of the Blind SQL Injection which basically works with trial and error comparing results according to the change in queries.

This technique (Error-based) only works if the applications have debug mode enabled to show errors.

References:

https://sqlwiki.netspi.com/injectionTypes/errorBased/#mysql

https://medium.com/@hninja049/example-of-a-error-based-sql-injection-dce72530271c

Author: lenonleite

Leave a Reply

Your email address will not be published. Required fields are marked *