SQL injection attacks

There are mainly three types of SQL injection attacks, which are as follows:

  1. In-band SQL Injection: In this type of SQL injection, the attacker uses the same communication channel to send the attack and to receive the response. It is further classified into two types, which are:
     • Error-based SQL Injection: In this type, the attacker uses the SQL server’s error messages to obtain information about the structure and content of the database.
     • Union-based SQL Injection: In this type, the attacker combines two or more SQL queries to obtain information about the structure and content of the database.
  2. Blind SQL Injection: In this type of SQL injection, the attacker does not receive the response of the attack. It is further classified into two types, which are:
     • Boolean-based SQL Injection: In this type, the attacker sends SQL queries that generate a true or false response to determine if the vulnerability exists.
     • Time-based SQL Injection: In this type, the attacker sends SQL queries that delay the server’s response time to determine if the vulnerability exists.
  3. Out-of-band SQL Injection: In this type of SQL injection, the attacker uses a different communication channel to send the attack and receive the response. It is further classified into two types, which are:
     • Inferential SQL Injection: In this type, the attacker sends SQL queries that do not generate any error or output but obtain information from the server’s behavior.
     • Stored Procedure SQL Injection: In this type, the attacker sends SQL queries that exploit the vulnerabilities in stored procedures to obtain information from the server.
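
The following added example (not part of the original page) puts a string-built query beside a parameterized one and runs both against the union-based and boolean-based behaviours described above. The table names, function names and input strings are constructed for illustration, and SQLite is assumed as the database.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database with a public and a private table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price TEXT);
        CREATE TABLE users (login TEXT, secret TEXT);
        INSERT INTO products VALUES ('pen', '2'), ('ink', '5');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def find_vulnerable(db, name):
    # Input is spliced into the SQL text, so it can change the query's structure.
    sql = "SELECT name, price FROM products WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_parameterized(db, name):
    # Input is bound as a value; the query structure is fixed before it arrives.
    return db.execute(
        "SELECT name, price FROM products WHERE name = ?", (name,)
    ).fetchall()

# Constructed inputs, one per behaviour described in the list above.
UNION_INPUT = "x' UNION SELECT login, secret FROM users --"  # union-based
TRUE_INPUT = "pen' AND '1'='1"                               # boolean, true branch
FALSE_INPUT = "pen' AND '1'='2"                              # boolean, false branch

def compare():
    """Run every input through both lookups and return the rows each one yields."""
    db = make_db()
    return {
        "union_vulnerable": find_vulnerable(db, UNION_INPUT),
        "union_parameterized": find_parameterized(db, UNION_INPUT),
        "bool_true_vulnerable": find_vulnerable(db, TRUE_INPUT),
        "bool_false_vulnerable": find_vulnerable(db, FALSE_INPUT),
        "bool_true_parameterized": find_parameterized(db, TRUE_INPUT),
        "bool_false_parameterized": find_parameterized(db, FALSE_INPUT),
    }

if __name__ == "__main__":
    for label, rows in compare().items():
        print(f"{label:26} {rows}")
```

With the string-built query, the union input returns a row from the second table and the two boolean inputs produce different results, which is the true/false signal the blind variant relies on. With the parameterized query every input is compared as a literal product name and matches nothing.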