1

I would like to know about these 2 SQL Injection techniques. I completed my studies in SQL databases and my teacher told me about SQL injection, then I became interested in this topic. I discovered a tool that does this automatically, but I only understood the step where the vulnerable parameters are identified.

thank you

d. fritoti
  • 63
  • 6

1 Answer

3

Boolean based SQL injection is useful when the server doesn't return any information to you, which is often the case. If you can determine that the response is different based on whether the SQL statement returns true or false, there are ways to get the information you're after even if the server doesn't return it to you.

For example, if a password field is vulnerable to boolean based SQL injection and you type in the correct password then ' And 1 = 1 -- on SQL Server, you will be logged in. If you do the same thing with 1 = 2, it will say invalid password.

If you try to put a select statement in that attack vector, you will get nothing back; it just won't let you in.

This is where boolean based SQL injection is useful. You can craft an attack vector to say:

SQL pseudocode: And ( the first character of the first column in the database has an ASCII value greater than 25 )

If it logs you in, you can say, is it greater than 55, and so on, until you get the character. You can then do the same thing with the 2nd character, until you get the full column name.

I can't go through every technique, but there are loads of resources out there. I think the best way to train is to spin something up that's vulnerable. Then run sqlmap and proxy the traffic through Burp Suite or something. Then you can see exactly what the tool is doing.

joe
  • 582
  • 2
  • 5
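To make the true/false oracle the answer describes concrete, here is an added example (not from the question or answer above) using an in-memory SQLite table as a stand-in for the SQL Server login in the answer. It shows the two inputs from the answer (correct password followed by `' AND 1 = 1 --` and `' AND 1 = 2 --`) producing different outcomes against a string-concatenated query, and identical outcomes against a parameterized one, which is the fix. The table, user and password are constructed for the demo.

```python
import sqlite3

# Constructed sample data: one user, standing in for the application's user table.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 'correcthorse')")
    return con

def login_vulnerable(con, username, password):
    # Vulnerable pattern: the password field is spliced into the SQL text, so
    # a quote ends the literal and "--" comments out the rest of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return con.execute(sql).fetchone()[0] > 0

def login_parameterized(con, username, password):
    # Fixed pattern: bound parameters keep the input as data, never as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()[0] > 0

def oracle_results(login):
    # Returns (result with "1 = 1", result with "1 = 2") for the given login function.
    con = make_db()
    true_case = login(con, "alice", "correcthorse' AND 1 = 1 --")
    false_case = login(con, "alice", "correcthorse' AND 1 = 2 --")
    return true_case, false_case

def boolean_oracle_differs(login):
    # The "oracle" the answer talks about exists only if the two results differ.
    t, f = oracle_results(login)
    return t != f

if __name__ == "__main__":
    print("vulnerable   1=1/1=2 ->", oracle_results(login_vulnerable))    # (True, False)
    print("parameterized 1=1/1=2 ->", oracle_results(login_parameterized))  # (False, False)
```

With the concatenated query the 1 = 1 case logs in and the 1 = 2 case does not, which is the difference an attacker would probe; with bound parameters both fail, since the string is compared literally as a password.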