Last updated
Was this helpful?
Last updated
Was this helpful?
Error-based SQLi is an in-band SQL Injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database. In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database. While errors are very useful during the development phase of a web application, they should be disabled on a live site, or logged to a file with restricted access instead.
The process is relatively the same as injection. All you have to do is modify the payloads to trigger an error wait.
A time-based SQLi payload in MySQL will look like this
Examples: