24 lines
1.1 KiB
Markdown
## Commands

Types of SQL injection

- Retrieving hidden data ---> Modify an SQL query to return additional results
- Subverting application logic ---> Change a query to interfere with the application's logic
- UNION attacks ---> Retrieve data from different database tables
- Examining the database ---> Extract information about the version and structure of the database
- Blind SQL injection ---> Query results are not returned in the application's responses

-> More information in the SQL Injection Folder

SQL Injection Vectors

- Database ---> [Query used to interact with Database]([[1 - Database]])
- Login ---> [Query used with Login]([[2 - Login form]])
- Cookies ---> [Query used with Cookies]([[SQL Injection]])
- XML ---> [Query used with XML (Special Encoding)]([[3 - XML]])
- AJAX ---> [Query used with AJAX Object]([[4 - AJAX]])

https://portswigger.net/web-security/sql-injection/cheat-sheet

-> More information in the SQL Injection (Vectors) Folder