Web Hacking
◾
343
Union-Based SQL Injection
This is the most common type of SQL injection. It comes from the class of inband SQL injection,
and this type of attack utilizes
the use of a UNION statement, which is the combination of two
select statements, to extract information from the database. We will discuss this attack in detail later.
Error-Based SQL Injection
An error-based
SQL injection is the easiest; however, the only problem with this technique is that
it works only with MS-SQL Server. In this technique, we cause an application
to throw an error
to extract the database. Typically, you ask a question to the database, and
it returns with an error
containing the information you asked for.
Blind SQL Injection
The blind SQL injection is the hardest of them all. In this technique, no error messages are received
from the database; therefore, we extract the data by asking questions to the database. The blind
SQL injection is further divided into two categories:
1. Boolean-based
SQL injection
2. Time-based SQL injection
Both of these methods can be used to extract the database by either asking a question or inducing
a time delay. We will discuss more about them later.
Dostları ilə paylaş: