4.1.1. Injection Classification
4.1.1.1. Introduction
SQL injection is a code injection technique used to attack data-driven applications. If an application does not properly filter its input, malicious SQL statements can be inserted into input fields and executed (e.g. to dump the database contents to an attacker).
4.1.1.2. Classification by technique
According to the technique used, SQL injection can be divided into the following types:
- Blind injection
  - Boolean blind injection: the Boolean result of the executed statement can only be inferred from what the application returns
  - Time blind injection: the application gives no clear echo, so the result can only be judged by using a specific time function
- Error injection: the application displays all or part of the error message
- Stack injection: some applications allow a semicolon (;) to be added and then execute multiple statements at a time
- Other
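An added example (not from the original notes) of unfiltered input reaching a query, next to the bound-parameter form, and of why stack injection depends on whether the database API accepts several statements in one call. It assumes Python's sqlite3 module; the table, rows, inputs and function names are constructed for illustration.

```python
import sqlite3

# Constructed inputs; table, rows and function names are hypothetical.
TAUTOLOGY = "nobody' OR '1'='1"
STACKED = "nobody'; DELETE FROM users; --"

def make_db():
    """In-memory database with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user")])
    return conn

def lookup_concat(conn, name, multi_statement_api=False):
    """Unfiltered input spliced into the SQL text."""
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    if multi_statement_api:
        conn.executescript(sql)  # runs every ';'-separated statement
        return None
    return conn.execute(sql).fetchall()  # accepts exactly one statement

def lookup_bound(conn, name):
    """Input bound as a parameter: compared as data, never parsed as SQL."""
    sql = "SELECT role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def row_count(conn):
    return conn.execute("SELECT COUNT(*) FROM users").fetchone()[0]

def demo():
    out = {}
    conn = make_db()
    out["concat_tautology"] = lookup_concat(conn, TAUTOLOGY)  # WHERE is always true
    out["bound_tautology"] = lookup_bound(conn, TAUTOLOGY)    # no user has that name
    try:
        lookup_concat(conn, STACKED)
        out["single_statement_api"] = "executed"
    except (sqlite3.Warning, sqlite3.Error):
        out["single_statement_api"] = "rejected"
    out["rows_after_single"] = row_count(conn)
    lookup_concat(conn, STACKED, multi_statement_api=True)
    out["rows_after_multi"] = row_count(conn)
    fresh = make_db()
    out["bound_stacked"] = lookup_bound(fresh, STACKED)
    out["rows_after_bound"] = row_count(fresh)
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The single-statement call still returns every row for the tautology input, so rejecting the stacked statement is not a substitute for binding parameters.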
4.1.1.3. Classification by way of acquiring data
In addition, SQL injection can be divided into 3 categories according to the way the data is obtained.
4.1.1.3.1. inband
Data is obtained directly through the web application, as in error injection: this type of injection extracts data through site responses or error feedback.
4.1.1.3.2. inference
Data is inferred from how the web application reacts, as in Boolean blind injection, which is what is commonly just called blind injection: the data is deduced from other changes in the web application.
4.1.1.3.3. out of band (OOB)
Data is obtained through another transport channel, such as the DNS resolution protocol or email.