Blind SQL Injection — MySQL Database
In this tutorial, we look at exploiting SQL injection in applications that use a MySQL database as a backend.
Basics Of Blind SQL Injection:
In blind SQL injection, an attacker queries the database with yes-or-no questions. Based on the response received from the web page, the attacker confirms whether blind SQL injection is possible in a particular application.
Types of Blind SQL Injection attack:
In this tutorial, we will be looking into error-based SQL injection.
Let's Start The…
Preventing SQL Injection:
The main reason behind SQL injection: the SQL query, acting as a mediator between the application and the database, is unable to differentiate the user-submitted value from the actual query.
To prevent SQL injection, our query must be able to differentiate the user-submitted value from the actual query. This can be achieved by using parameterised queries or stored procedures instead of ordinary statements.
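The difference between an ordinary statement and a parameterised query, as an added example that is not part of the original tutorial. It assumes an in-memory SQLite database standing in for the MySQL backend; the `users` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite in memory stands in for MySQL (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return db

def lookup_concatenated(db, name):
    # Ordinary statement: the submitted value is pasted into the SQL text,
    # so the database receives one string and cannot tell value from query.
    sql = "SELECT email FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def lookup_parameterised(db, name):
    # Parameterised query: the SQL text is fixed and the value is bound
    # separately, so it is only ever compared against the name column.
    # (SQLite uses ? as the placeholder; MySQL drivers such as PyMySQL use %s.)
    sql = "SELECT email FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (name,))]

def safe_call(lookup, db, name):
    # Return the rows, or the string "error" if the database rejects the query.
    try:
        return lookup(db, name)
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal value, a value containing a quote,
    # and a value that changes the WHERE clause when concatenated.
    for value in ["alice", "o'brien", "x' OR '1'='1"]:
        print(repr(value))
        print("  concatenated :", safe_call(lookup_concatenated, db, value))
        print("  parameterised:", safe_call(lookup_parameterised, db, value))
```

The concatenated version fails with a database error on a legitimate name containing an apostrophe and returns every row for the third input, while the parameterised version returns no rows for both.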