handbook/tools/3.Web-Hacking/4.Injection/SQL/Commands/Commands.md at main - x/handbook - Coding everything, everywhere, anytime.

x/handbook

Anton Nesterov af9011411c

vault backup: 2024-08-31 01:07:21

2024-08-31 01:07:22 +02:00

1.1 KiB

Raw Permalink Blame History

Commands

Type of SQL injection

Retrieving hidden data ---> Modify an SQL query to return additional results
Subverting application logic ---> Change a query to interfere with the application's logic
UNION attacks ---> Retrieve data from different database tables.
Examining the database ---> Extract info about the version and structure of DB
Blind SQL injection ---> Results query not returned in application's responses

-> More information in the SQL Injection Folder

SQL Injection Vectors

Database ---> [Query used to interact with Database](1 - Database)
Login ---> [Query used with Login](2 - Login form)
Cookies ---> [Query used with Cookies](SQL Injection)
XML ---> [Query used with XML (Special Encoding)](3 - XML)
AJAX ---> [Query used with AJAZ Object](4 - AJAX)

https://portswigger.net/web-security/sql-injection/cheat-sheet

-> More information in the SQL Injection (Vectors) Folder