SQL injection attacks

Publié par Fikri.fr le

There are mainly three types of SQL injection attacks, which are as follows:

In-band SQL Injection: In this type of SQL injection, the attacker uses the same communication channel to send the attack as the response. It is further classified into two types, which are:

Error-based SQL Injection: In this type, the attacker uses the SQL server’s error messages to obtain information about the structure and content of the database.
Union-based SQL Injection: In this type, the attacker combines two or more SQL queries to obtain information about the structure and content of the database.

Blind SQL Injection: In this type of SQL injection, the attacker does not receive the response of the attack. It is further classified into two types, which are:

Boolean-based SQL Injection: In this type, the attacker sends SQL queries that generate a true or false response to determine if the vulnerability exists.
Time-based SQL Injection: In this type, the attacker sends SQL queries that delay the server’s response time to determine if the vulnerability exists.

Out-of-band SQL Injection: In this type of SQL injection, the attacker uses a different communication channel to send the attack and receive the response. It is further classified into two types, which are:

Inferential SQL Injection: In this type, the attacker sends SQL queries that do not generate any error or output but obtain information from the server’s behavior.
Stored Procedure SQL Injection: In this type, the attacker sends SQL queries that exploit the vulnerabilities in stored procedures to obtain information from the server.