SQL injection is a common attack technique used to attack a web application. In this post, you will know different types of SQL injection attack in depth.
After completely reading this post about SQL injection, you will have a clear concept about it in-depth.
It is an attack technique used to exploit applications by tricking a database engine in such a way so that it allows an attacker to view data that they are not normally able to retrieve.
This might include data belonging to other users, or any other data that the application itself is able to access. In many cases, an attacker can modify or delete this data, causing persistent changes to the application's content or behavior.
What are different types of SQL Injection
The UNION operator is used to join multiple SQL queries. An attacker can use this operator to create a query, so that the result of the new query will be joined to the result of the original query, allowing the attacker to execute multiple queries at once.
In this injection technique, the attacker relies on error messages generated by the database server to obtain information about the structure of the database. In some cases, this attack alone is enough for an attacker to enumerate an entire database.
Blind SQL Injection
This technique is used when detailed error messages are not provided to the attacker. It is often the case, when the application displays user friendly error messages, with little or no technical error messages.
This type of injection is divided into 2 types.
In this type of attack the attacker creates SQL query such that after executing the query the result returned will be either true or false. Thereafter, by examining the outcomes of the true or false values, attacker understands that the application is vulnerable to this type of attack. Then he or she uses that to further exploit the application.
For example, suppose following web page displays a post detail having id equal to 2.
If a SQL injection weakness is present, then executing following request on the web application:
should return the same web page as:
It happens as the SQL statement "and 1=1" is always true.
Executing the following request to a web application:
would return a friendly error or no page at all. This happens because the SQL statement "and 1=0" is always false.
In this type of attack, the attacker constructs SQL query in such a way so that, if the query is successful then the database is forced to wait for some time (in seconds) before responding. If the query generates response after some time then attacker knows that the attack is successful.
For example, if following request is sent to a web application:
And if the page is displayed after some delay, then the application is vulnerable to time based attack.
If you like this post as helpful, please do share and comment your thoughts about it. Thank you!