Update README.md

Rend 2022-02-26 16:07:06 +03:30 committed by GitHub
parent 45fb8ee632
commit 5ae3c0b776
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -199,6 +199,15 @@ On the next examples we are going to retrieve the name of all the databases, the
_There is a different way to discover this data on every different database, but it's always the same methodology._
## Exploiting Hidden Union Based
If you can see the output of the query but you can't achieve a union based injection, you are dealing with a hidden union based injection.
In this situation you end up with a blind injection. To turn the blind injection to a union based one, you need to extract the query being executed on the backend.
You can do so by use of the blind injection and the default tables of your target DBMS. To learn about those default tables read the documentation of your target DBMS.
After extracting the query, you need to adjust your payload accordingly, closing the original query safely. Then append a union query to your payload and start exploiting the newly obtained union based injection.
Complete Article: https://medium.com/@Rend_/healing-blind-injections-df30b9e0e06f
## Exploiting Error based
If for some reason you **cannot** see the **output** of the **query** but you can **see the error messages**, you can make this error messages to **ex-filtrate** data from the database.\
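Review bot: The opening of the new "Exploiting Hidden Union Based" section contradicts itself. The first sentence says "you can see the output of the query", and the next says "In this situation you end up with a blind injection", which normally means the output is not visible. Please state precisely what the tester can and cannot observe in this case, so the reader can tell it apart from the blind and error based sections. "Default tables of your target DBMS" is also vague; the README's earlier wording about retrieving database, table and column names suggests the metadata tables are meant, so say that or link to the section that covers them. Finally, "Complete Article:" is followed by a bare URL with no title; a named Markdown link would be clearer, and a one-line summary of what the article adds would help if the link goes stale.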