Error based SQL Injection

Definition:
When an SQL Injection leaks information via SQL error messages, it is called Error based SQL Injection. An error-based SQL injection helps an attacker get information about the database structure and/or the data itself. The severity of Error based SQL Injection is comparatively lower than that of stacked or union-based SQL Injection.
Exploitation and Examples:
As we have seen in UNION based SQL Injection, an attacker can predict the number of columns and data types of each column from the errors of the database. We have also seen how blind error-based SQL Injection can help an attacker to get desired information using conditional errors.
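
To make the definition concrete from the defender's side, here is an added example (not part of the original page) that puts a handler echoing the database error next to a hardened one that binds its input and returns a generic message. It uses Python's sqlite3 with a constructed in-memory table; the function names, table name and sample input are assumptions made for illustration.

```python
import logging
import sqlite3

log = logging.getLogger("shop")
GENERIC_ERROR = "Internal error"  # the only text a client sees on failure


def make_db():
    """Constructed in-memory sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT)")
    conn.execute("INSERT INTO products VALUES (1, 'widget')")
    return conn


def lookup_vulnerable(conn, name):
    """Concatenates input into SQL and echoes the driver error to the client."""
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    try:
        return 200, conn.execute(sql).fetchall()
    except sqlite3.Error as exc:
        # The error text describes the query and schema; returning it is the leak.
        return 500, "Database error: %s" % exc


def lookup_hardened(conn, name):
    """Binds input as a parameter; error detail stays in the server log."""
    try:
        rows = conn.execute(
            "SELECT id, name FROM products WHERE name = ?", (name,)
        ).fetchall()
        return 200, rows
    except sqlite3.Error:
        log.exception("product lookup failed")  # full detail, server side only
        return 500, GENERIC_ERROR


if __name__ == "__main__":
    db = make_db()
    malformed = "widget'"  # constructed input: one stray quote
    print(lookup_vulnerable(db, malformed))  # 500 plus the raw driver message
    print(lookup_hardened(db, malformed))    # 200 and no rows: quote is just data
```

The hardened handler removes both halves of the problem: parameter binding stops the input from changing the query, and the generic response means that even an unrelated database failure tells the client nothing about the schema.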
