Hi there! Today I am going to tell you about the classes and types of the SQL injection. So without wasting time, lets go!
Classes of SQL injection
We all know that SQL injection is all about injecting malicious SQL queries and extracting data from the database. So on the basis of how information is retrieved from the target, SQL injection can be broken into 3 classes.
In-band SQL injection
When data can be extracted through the same channel by which the malicious queries are being injected, it is called in-band SQL injection.
For example, if the attacker is injecting the queries through the webpage and he can read the results from the same webpage, it is in-band SQL injection.
Out of Band
When the data is retrieved through a different channel, it is called out of band SQL injection.
For example, if the attacker injects malicious queries through the webpage and the web application sends the result in an email, it would be a case of out of band SQL injection.
In inferential SQL injection, no actual data gets extracted but the attacker has to reconstruct the information by sending well crafted requests and analyzing the behavior of the web application.
Types of SQL Injection
On the basis of injection method, SQL injection is of 3 types:
Error Based SQL Injection
In the error based SQL injection, the attacker submits a malformed query to the web application which throws an error. The attacker can extract data from these errors. This is the easiest method of SQL injection.
Union Based SQL Injection
In the union based SQL injection, the attacker combines his own SQL query and the existing query using the UNION statement to extract the data from the database. Its useful for dumping hug amounts of data.
Blind Based SQL Injection
In the blind based SQL injection, the attacker has to send a query and then analyze the response of the web application.
For example, the attacker can submit a query which delays the web page loading by 10 seconds if the number of tables in the database is 1. If the page the page is displayed normally that means the number of tables is not 1 and hence the attacker can keep increasing the value to find out the exact number of tables in the database.
That’s it for now. Keep learning! Keep injecting!