10.1 SQL Theory and Databases
Focus on:
MySQL + MariaDB (fork of MySQL)
Microsoft SQL Server (MSSQL)
Techniques
error based -> an error message is leaked, which can be used to exfiltrate data
union based -> append a UNION statement to list additional data
boolean based -> the server only responds with a valid/invalid response, so data is harder to extract
time based -> the server does not return anything, but with a sleep() statement we can exfiltrate data (same as boolean)
Code execution
manual code execution:
MSSQL via xp_cmdshell
MySQL indirectly via “SELECT … INTO OUTFILE” and then triggering code execution
automated code execution via sqlmap