Error-based SQL injection

Union-based

Time-based blind SQL injection

Boolean exploitation in blind SQL injection

include()

eval()

print_r()

preg_match()

MS SQL Server, MySQL, Oracle, PostgreSQL

InfluxDB, Cassandra, Neo4j, Elasticsearch

SQLite, Redis, MongoDB, CouchDB

Firebase, DynamoDB, BigTable, CosmosDB

Blind SQL Injection

Piggybacked SQL Injection

Out-of-band SQL Injection

In-band SQL Injection

Strong password policies

Misconfigured firewalls

Dynamic query generation without input sanitization

Overuse of stored procedures

WAITFOR

DELAY '0:0:5'

SELECT

* FROM users WHERE username='admin';

'

UNION SELECT 1, 2 --

'

DROP TABLE users --

Deletes a database table

Modifies a user's password

Initiates a denial-of-service attack

Bypasses authentication checks

THC Hydra and Medusa

Burp Suite and Sqlmap

Metasploit and Wfuzz

Nessus and Nikto

X-Frame-Options

Content-Type

Referrer-Policy

Access-Control-Allow-Origin

To gain direct access to a database

To steal sensitive data or execute malicious scripts in a user's browser

To manipulate server-side configurations

To bypass authentication on the server