SQL Injection
Try the SecLists SQL injection wordlist and use Burp Suite Intruder to test it against the parameter.
Basic payload to test:
Error Based Payloads
Sometimes SQL injection can lead to authentication bypass.
Something like this can be used. Try playing around by switching between ' and ".
To enumerate the database version with error-based SQLi:
If the error output is returned to us, we can enumerate the database directly:
If we get an error try the columns one by one:
To get the password of a specific user:
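Both the authentication-bypass and error-based cases above come from the same root cause: user input is pasted into the SQL text, so a quote in the input becomes SQL syntax. The following is an added example, not code from the original notes; it builds a constructed in-memory SQLite user table (hypothetical `users` table and credentials) and runs the same lookup two ways, once by string concatenation and once with a parameterised query, so the error-based tell-tale (a server-side SQL error on a single quote) can be seen next to the fix.

```python
import sqlite3

# Constructed in-memory database standing in for the application's user table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hunter2'), ('alice', 'wonderland')")
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation: quotes in the input become SQL syntax."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]

def login_safe(conn, username, password):
    """Parameterised query: the driver binds the values as data, never as SQL text."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]

def probe(fn, conn, username, password):
    """Runs a login function and reports ('ok', rows) or ('error', message).

    With the concatenated query a bare single quote in the username produces a
    syntax error (the signal error-based testing looks for); the parameterised
    version simply finds no such user."""
    try:
        return ("ok", fn(conn, username, password))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_safe):
        print(fn.__name__, probe(fn, db, "admin", "hunter2"))
        print(fn.__name__, probe(fn, db, "o'brien", "x"))
```

Running it shows that a username containing a single quote raises an `OperationalError` from the concatenated query while the bound query returns an empty result. On the defensive side, that error message (or a stack trace carrying it) must never reach the client; on the testing side, a 500 or a changed page on a lone quote is exactly the symptom the notes above are probing for.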
UNION-based Payloads
We can find the number of columns in the original query with:
Then, to perform a UNION attack:
Now we can check if there are other tables in this database.
Blind SQLi
Blind SQLi occurs when no database output is returned in the response. In this case we can use boolean-based or time-based logic.
To try boolean-based SQLi:
If both statements are true, the application returns a true result; so if we get a true result we can conclude that admin exists in the database.
To try time-based SQLi:
This will make the application hang if the user is present.
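From the detection side, each technique in these notes leaves a recognisable trace in the web server's access log: a quote followed by a 500, a UNION ... SELECT in a parameter, a comment sequence truncating the query, or a sleep/benchmark call for the time-based case. The following is an added example, not part of the original notes: a small log scanner over constructed combined-format access-log lines (the IPs, paths and requests are made up for the demonstration). It decodes each query-string parameter, matches it against a handful of signatures, and summarises which techniques each source address has tried.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Detection heuristics for the injection styles discussed above. They describe
# what to alert on in request logs; they are not a list of inputs to send.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "time_based":   re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I),
    "comment":      re.compile(r"--|/\*"),
    "quote_logic":  re.compile(r"['\"]\s*(?:or|and)\b", re.I),
}

# Combined log format: client, identd, user, [timestamp], "METHOD target proto", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed access-log lines used as demonstration input (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=42 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=42%27 HTTP/1.1" 500 0
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=42%27%20UNION%20SELECT%20NULL-- HTTP/1.1" 200 640
10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /item.php?id=42%20AND%20SLEEP(5) HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:10 +0000] "GET /search.php?q=rock%20and%20roll HTTP/1.1" 200 2048
"""

def classify_value(value, status):
    """Returns the list of signature names a decoded parameter value triggers."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(value)]
    # A quote in the input that coincides with a server error is the
    # error-based tell-tale even when no other keyword is present.
    if status == 500 and ("'" in value or '"' in value):
        hits.append("quote_error")
    return hits

def scan_log(text):
    """Parses each log line, URL-decodes its query parameters and records any hits."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        status = int(m.group("status"))
        query = urlsplit(m.group("target")).query
        for param, value in parse_qsl(query, keep_blank_values=True):
            hits = classify_value(value, status)
            if hits:
                findings.append({
                    "ip": m.group("ip"), "param": param, "value": value,
                    "status": status, "hits": hits,
                })
    return findings

def per_source_summary(findings):
    """Collapses findings into {client_ip: sorted list of techniques observed}."""
    summary = defaultdict(set)
    for f in findings:
        summary[f["ip"]].update(f["hits"])
    return {ip: sorted(hits) for ip, hits in summary.items()}

if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f["ip"], f["param"], repr(f["value"]), f["status"], f["hits"])
    print(per_source_summary(results))
```

The benign search for "rock and roll" is not flagged because the boolean signature requires a quote before the operator; the lone-quote request is flagged only because it produced a 500. Matching on decoded values rather than the raw URL matters, since the same payload can be URL-encoded, mixed-case or padded with comments, and a real deployment would also normalise double encoding before applying the patterns.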