In this article, we tell you about the types of SQL injection attack, with SQL injection examples and how you can try a SQL injection attack on a website.
We have told you about SQL injection attacks earlier; here we cover the types of SQL injection attack, because you do not always find a SQL injection bug in every website in the same way.
So you should also know the types of SQL injection attack, as this helps a lot in finding bugs. Here we show you how to solve some PortSwigger labs.
Note: This article is for educational purposes only. Don't misuse your knowledge and skills.
Types of SQL Injection Attack
We do not explain what a SQL injection attack is here; we have published two articles on that before this one, and if you have not read them, you can read them first. Here we show you how to solve some SQL injection labs.
SQL injection UNION attack, determining the number of columns returned by the query
First of all, we show you how the columns are found in a website. As we all know, the content in any website's database is stored in columns and rows.
https://portswigger.net/web-security/sql-injection/union-attacks/lab-determine-number-of-columns
If hackers can find the columns in a website, a SQL injection attack can be performed on that website; when you do it practically, you will understand it yourself. This is how you come across many types of SQL injection attack.
After accessing the lab, the home page opens in front of you. Here you have to open any category and capture the request.
First you have to run Burp Suite as usual; after that, you can capture the request live or pick it up from the HTTP history.
As you can see in the image, we have captured the live request and sent it to Repeater. Here you can use a UNION attack; through a UNION attack, hackers can collect data from a website's database tables.
Here you have to keep adding null values until you get a response, as you can see in the image.
If you get an internal server error the first time you use the null value, send another null value and send the request again until you get a response.
You then have to put that value in the live request and forward it; as we told you in earlier articles, you solve the lab by forwarding the request here as well.
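The null-by-null probing described above leaves a recognisable trail in web server logs: UNION SELECT requests with a growing list of NULLs, answered with errors until the count matches. The following is an added detection example, not code from this article or from the lab; the log lines, the /filter path and the client addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (client, request, status); not taken from the lab.
SAMPLE_LOG = """\
198.51.100.7 "GET /filter?category=Gifts HTTP/1.1" 200
198.51.100.7 "GET /filter?category=Gifts'+UNION+SELECT+NULL-- HTTP/1.1" 500
198.51.100.7 "GET /filter?category=Gifts'+UNION+SELECT+NULL,NULL-- HTTP/1.1" 500
198.51.100.7 "GET /filter?category=Gifts'+UNION+SELECT+NULL,NULL,NULL-- HTTP/1.1" 200
203.0.113.9 "GET /filter?category=Pets HTTP/1.1" 200
203.0.113.9 "GET /filter?category=Union+Jack+flags HTTP/1.1" 200
"""

LINE = re.compile(r'^(\S+) "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})$')
# UNION [ALL] SELECT followed by a list made only of NULLs.
PROBE = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\s+(NULL(?:\s*,\s*NULL)*)", re.I)

def find_column_probing(log_text, min_steps=2):
    """Return {client: [(null_count, status), ...]} for clients that sent
    UNION SELECT NULL lists of at least `min_steps` different lengths."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        # Decode %xx and '+' so encoded probes match the same pattern.
        client, target, status = m.group(1), unquote_plus(m.group(2)), int(m.group(3))
        probe = PROBE.search(target)
        if probe:
            seen[client].append((probe.group(1).upper().count("NULL"), status))
    return {c: hits for c, hits in seen.items()
            if len({n for n, _ in hits}) >= min_steps}

def matched_column_count(hits):
    """NULL count of the first probe that did not get a 5xx, or None."""
    for nulls, status in hits:
        if status < 500:
            return nulls
    return None

if __name__ == "__main__":
    for client, hits in find_column_probing(SAMPLE_LOG).items():
        print(client, hits, "columns matched at:", matched_column_count(hits))
```

A client whose probes stop returning errors has most likely learned the column count, so that transition is worth alerting on rather than the individual 500s.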
SQL injection UNION attack, finding a column containing text
In the same way, there is another of the types of SQL injection attack, where you do not get a response through the null value in a website; in that case you can get a response by giving some other value.
https://portswigger.net/web-security/sql-injection/union-attacks/lab-find-column-containing-text
Here also, first access the lab, then live capture the request for any one category as mentioned above; after that you can solve this lab.
In some websites the null value is blocked; in that case, we have to try the injection attack on the website by giving our own keyword or value. If you get a response by doing this, you can say that the website is vulnerable to a SQL injection attack.
As you can see here, we got a response after giving our own text and did not receive any kind of error, and the congratulations message was also shown to us. In the same way, there are other labs for the types of SQL injection attack.
SQL injection attack, querying the database type and version on Oracle
In this type of SQL injection attack, the database version is also queried: if you are able to find the database version of a website in any way, then that website is vulnerable to a SQL injection attack.
Here also you follow the same steps as before. After accessing the lab, open any category and live capture that request, then send the request to Repeater.
You can do this by forwarding the request with the null value and the version as well, but in Repeater you can see how the version shows up in the response, as you can see in the image.
When you use the version along with the null value, you will be able to see the database version information in the response, as you can see in the image; you get the same on a live website.
After doing all this, you can solve this lab by forwarding the request. As you can see in the image, you get the congratulations message, as you do on solving every lab.
SQL injection vulnerability allowing login bypass
In the same way, we solve one last lab here from the types of SQL injection attack; it is not possible for us to solve all the labs and explain them here, so try the others yourself.
https://portswigger.net/web-security/sql-injection/lab-login-bypass
Here, if you are able to log in to a website by entering a null value, then you can log in; we explained in the article on SQL injection payloads how your value can make the database treat the input as blank.
After accessing the lab, you get the option to log in. Log in once with any username and password so that your login request is captured in Burp Suite.
This also works on some live websites. As you can see in the image, we have captured the login request and then made changes in the username parameter.
After making these changes, when you forward the request, you will see that you are logged in without a password, as you can see in the image; you can do the same on some live websites as well.
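The login bypass above works when the application pastes the username into the SQL text. The added example below (not code from this article or from the lab) puts that weak query beside a parameterized one; the users table, the function names and the tampered username are constructed assumptions, and SQLite stands in for the lab's database.

```python
import sqlite3

def make_db():
    # Constructed in-memory users table (sample data, not from the lab).
    # Plaintext passwords only keep the demo short; store password hashes in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES ('administrator', 'constructed-secret')")
    return db

def login_vulnerable(db, username, password):
    # Weak form: request values are pasted into the SQL text, so a quote in
    # the username ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT 1 FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened form: the SQL text is fixed and the values are bound as data,
    # so quotes and comment markers in the input are compared literally.
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def demo():
    db = make_db()
    tampered = "administrator'--"  # constructed value: quote plus SQL comment
    return {
        "vulnerable_good_creds": login_vulnerable(db, "administrator", "constructed-secret"),
        "vulnerable_tampered": login_vulnerable(db, tampered, "wrong"),
        "parameterized_good_creds": login_parameterized(db, "administrator", "constructed-secret"),
        "parameterized_tampered": login_parameterized(db, tampered, "wrong"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

With bound parameters the tampered username is just a name that does not exist, so the password check is never skipped.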
The Conclusion
I hope that you now know about the types of SQL injection attack. We have shown them here by solving four SQL injection labs, and there are more labs available there as well.
You can try to solve all those labs yourself. With so many labs available, you can understand that there is no single way to find a SQL injection bug.
The more ways you know to find a SQL injection bug, the better for you. If you get any kind of error while solving the labs, you can ask in the comments.