AXIONSECURITY

SQLi

Error-Based

Error-based SQL Injection (SQLi) is a technique for extracting information from a database through the error messages its queries produce. It works when an application builds SQL from unvalidated input and then returns the database engine's own error text to the user instead of a generic failure. A stray quote is enough to break the statement and reveal the engine in use; once that is known, the attacker crafts payloads whose errors carry schema details or even query results, so data leaves the database one error message at a time.

How Error-based SQLi Works

  1. Injection: The attacker submits a malicious value through an input that ends up inside a SQL statement (e.g., a search box, a login form, a URL parameter).
  2. Error Triggering: The application concatenates the value into the query and executes it. Because the input is parsed as SQL, it can make the statement fail (an unbalanced quote, a reference to a column that does not exist), and with improper error handling the engine's verbose message is returned to the client.
  3. Exploitation: The attacker reads those messages to learn the database type and version, and then probes further: a guessed table or column name that produces an error is wrong, one that produces none is right, and engine-specific functions can be abused to embed the result of a subquery directly in the error text.

Imagine an application with a vulnerable login form:

<form action="/login" method="POST">
  <input type="text" name="username" />
  <input type="password" name="password" />
  <input type="submit" value="Login" />
</form>

Suppose the server builds its query by concatenating both fields into a string such as SELECT * FROM users WHERE username='<username>' AND password='<password>'. If the application doesn't handle SQL errors and passes the engine's message straight back to the browser, an attacker can submit a single quote as the username:

'

The extra quote leaves a string literal unterminated, the statement fails to parse, and the raw error is echoed to the client. With MySQL behind the form it looks something like:

SQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

Note that the classic payload ' OR 1=1 -- does not usually trigger a syntax error at all: the comment marker discards the rest of the statement, so it tends to log the attacker in rather than produce an error. A lone quote is the probe for this technique.

This one message already tells the attacker three things: user input reaches the query unescaped, the back end is MySQL, and database errors are returned verbatim. From there the attacker can enumerate the schema (an "Unknown column" error means the guess was wrong, silence means it was right) and, on MySQL, use functions such as EXTRACTVALUE() that include the offending value in their error message to read data out of the database.
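The three steps above, run end to end, as an added example that is not part of the original page. It uses SQLite through Python's sqlite3 module rather than MySQL so it runs offline; the users table, the account in it, and the function names are all constructed for the demo. login_vulnerable builds the query the way the form above does, error_for captures what such an app would echo back, and column_exists shows step 3 turned into a yes/no schema oracle. login_safe is the parameterized version for contrast.

```python
import sqlite3

# Constructed in-memory database standing in for the application's user store
# (the page's example is MySQL; SQLite is used here so the demo runs offline).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO users (username, password) VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

DB = make_db()

def login_vulnerable(username, password):
    """The page's flawed pattern: input is spliced into the SQL text, so the
    parser sees the attacker's quotes and keywords as part of the statement.
    Returns the matched user id or None; database errors propagate unhandled."""
    query = (
        f"SELECT id FROM users WHERE username='{username}' "
        f"AND password='{password}'"
    )
    row = DB.execute(query).fetchone()
    return row[0] if row else None

def login_safe(username, password):
    """Hardened form: bound parameters keep input out of the SQL grammar, so a
    stray quote is just a character in a string comparison."""
    row = DB.execute(
        "SELECT id FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

def error_for(username, password="x"):
    """Steps 1-2 from the attacker's side: submit a probe through the vulnerable
    endpoint and return the raw database error text the app would echo back,
    or None when the query ran without error."""
    try:
        login_vulnerable(username, password)
    except sqlite3.Error as exc:
        return str(exc)
    return None

def column_exists(name):
    """Step 3: turn the error channel into a schema oracle. Referencing a column
    that does not exist makes SQLite fail with 'no such column: <name>' before
    any row is read; a real column produces no error at all."""
    return error_for(f"' OR {name}='probe") is None

if __name__ == "__main__":
    print("lone quote ->", error_for("'"))                       # parse error, echoed verbatim
    print("' OR 1=1 -- ->", login_vulnerable("' OR 1=1 --", "x"))  # bypass, not an error
    print("password column exists:", column_exists("password"))
    print("secret column exists:", column_exists("secret"))
    print("safe login with quote:", login_safe("'", "x"))
```

The same oracle works against MySQL with its "Unknown column" message; the only thing that changes is the wording the probe looks for. Note how the hardened login treats the lone quote and the 1=1 payload as ordinary, non-matching usernames, which is the behaviour a fix should produce before anyone worries about what the error page says.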

Performing these attacks on systems without permission is illegal. Always obtain proper authorization before testing for vulnerabilities.
