The response we get back from our injection attempts is referred to as boolean-based SQL Injection and can be true or false, yes or no, on or off, 1/0, or any other response that can only ever have two outcomes. This result demonstrates to us whether or not our SQL Injection payload was successful. You… Continue reading Boolean-based Blind SQL Injection

The “UNION” keyword is used in SQL statements in a sort of SQL injection attack known as union-based SQL injection. By inserting malicious SQL code into an application’s input field, which is then processed by the application’s database, this attack aims to alter the behaviour of a SQL query. In SQL queries, the “UNION” term… Continue reading UNION-Based SQL Injection

This kind of SQL Injection happens whenever a website’s input fields, such as the search box, login page, comment forms, etc., are present. Below is the screenshot of the login page that I have made to demonstrate the Classical Login-based SQL injection Depending on the website or application, the Login Page SQL query will be… Continue reading Classic SQL Injection