SQL Injections

published 1970-01-01 00:00

updated 2023-06-04 00:13

:▔▓▔▛: %date

SQL Injections


  • In-Band SQL Injection - Usually used to exfiltrate data that isn't supposed to be accessible
  • Error Based SQLi - Uses errors to understand how to exploit the db (Which tables exist, how many columns, etc)
  • Blind SQLi - The data is not returned with the input query, so we can't exfiltrate
  • Union-based SQLi - Using SQL union to gather data from other tables in a single query