Showing posts from September, 2022
5. SQL Injection - Blind SQL Injection
This type of SQL injection occurs when the query does not return its results in the HTTP response, so UNION attacks are not useful. Blind SQL injection can be exploited using conditional responses. For example, if we figure out that a website reacts a certain way when a valid cookie is sent, then we can add onto the HTTP request to ask the application/database True/False questions. If there is no answer to our question, then whatever "True" response the website gives to the valid cookie will not show. If there is an answer, then the response will show. We use "and" on the "WHERE" clause to add our additional condition.

Lab 11 - Blind SQL injection with conditional responses
Vulnerable parameter - tracking cookie
End Goals:
1) Enumerate the password of the administrator
2) Log in as the administrator
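The conditional-response behaviour described above, as an added example that is not code from the original post or the lab: a cookie lookup built by string concatenation next to the same lookup with a bound parameter, plus a regression check that detects the true/false signal. The table name, cookie value, "Welcome back!" message and function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: a single tracking row standing in for a valid cookie.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tracked_users (tracking_id TEXT PRIMARY KEY)")
    db.execute("INSERT INTO tracked_users VALUES ('abc123')")
    return db


def page_vulnerable(db, cookie):
    # The cookie is concatenated into the SQL text, so it can extend the WHERE clause.
    sql = "SELECT tracking_id FROM tracked_users WHERE tracking_id = '" + cookie + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        row = None  # errors are swallowed, so only the page content differs
    return "Welcome back!" if row else ""


def page_hardened(db, cookie):
    # Bound parameter: the whole cookie is compared as data and never parsed as SQL.
    row = db.execute(
        "SELECT tracking_id FROM tracked_users WHERE tracking_id = ?", (cookie,)
    ).fetchone()
    return "Welcome back!" if row else ""


def leaks_boolean(page, db, valid_cookie):
    # Regression check: append an always-true and an always-false condition to a
    # valid cookie. If the two responses differ, the page answers True/False
    # questions about the database through its conditional response.
    true_resp = page(db, valid_cookie + "' AND '1'='1")
    false_resp = page(db, valid_cookie + "' AND '1'='2")
    return true_resp != false_resp


if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", leaks_boolean(page_vulnerable, db, "abc123"))
    print("parameterized query leaks:", leaks_boolean(page_hardened, db, "abc123"))
```

With the bound parameter the appended condition is part of the compared string, so both probes miss the row and the response no longer depends on the condition.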
4. SQL Injection - Examining the Database - Content
Most databases have an information schema detailing tables and columns.

Listing database content on non-Oracle databases

LAB: Lab #9 - SQL injection attack, listing the database contents on non-Oracle databases

End Goals:
- Determine the table that contains usernames and passwords
- Determine the relevant columns
- Output the content of the table
- Log in as the administrator user

Analysis:
1. Find the number of columns
' order by 3-- -> Internal server error
3 - 1 = 2
2. Find the data type of the columns
' UNION select 'a', 'a'-