Error Based SQL Injection
Error-based SQL injection is a type of SQL injection attack where the attacker manipulates the input to trigger database errors, which in turn reveal information about the structure or details of the database. The error messages returned by the database contain valuable information that the attacker can use to exploit the system, such as table names, column names, data types, or even specific values stored in the database.
In this type of attack, the attacker relies on the database’s error messages to gather information about the SQL query structure, allowing them to craft more precise and effective attacks.
How it works:
- The attacker submits malicious SQL input designed to trigger an error in the database.
- When the query is executed, an error message is returned by the database, which typically contains useful details about the database structure, such as column names, data types, or even specific values in the database.
- The attacker uses this information to adjust their attack and gain unauthorized access to data or further manipulate the database.
Example
- Normal Query: SELECT * FROM users WHERE username = 'username' AND password = 'password';
- Our Injection Payload: ' OR 1=1 --
- Query After Injection: SELECT * FROM users WHERE username = '' OR 1=1 -- ' AND password = 'password';
- Output: ERROR: column "users.password" does not exist
From this error output, we found that the column password exists in the users table. Similarly, we can craft more precise injection payloads for other errors that expose table names, column names, or data types.
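The same login query on the application side, as an added example that is not part of the original page: the weak handler concatenates input and echoes the database error to the client, while the corrected one binds parameters and returns a fixed message. It assumes Python's sqlite3 module and a constructed users table; the function names are hypothetical, and SQLite's error wording differs from the output shown above.

```python
import logging
import sqlite3

log = logging.getLogger("auth")
GENERIC_ERROR = "An internal error occurred."

def make_db():
    """Constructed sample database; schema and row are illustrative only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 's3cret')")
    return conn

def login_vulnerable(conn, username, password):
    # Weak: input is concatenated into the SQL text, and the raw
    # database error is echoed back to the client.
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "';")
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "ERROR: " + str(exc)
    return "ok" if row else "invalid credentials"

def login_hardened(conn, username, password):
    # Fixed: placeholders keep input out of the SQL text; any database
    # error is logged server-side and the client sees a fixed message.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?;"
    try:
        row = conn.execute(sql, (username, password)).fetchone()
    except sqlite3.Error:
        log.exception("login query failed")
        return GENERIC_ERROR
    return "ok" if row else "invalid credentials"

if __name__ == "__main__":
    db = make_db()
    name = "O'Brien"  # constructed input: an ordinary apostrophe breaks the weak query
    print(login_vulnerable(db, name, "x"))   # database error text reaches the client
    print(login_hardened(db, name, "x"))     # treated as data, no error raised
    db.close()
    print(login_hardened(db, "alice", "s3cret"))  # forced DB failure -> generic message
```

Server-side, the logged exception still carries the full database error for debugging; only the client-facing response is reduced to the fixed message.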
Boolean, error-based, out-of-band, and time-based will be added later.