mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-22 04:33:28 +00:00
Update README.md
This commit is contained in:
parent
45fb8ee632
commit
5ae3c0b776
1 changed files with 9 additions and 0 deletions
|
@ -199,6 +199,15 @@ On the next examples we are going to retrieve the name of all the databases, the
|
|||
|
||||
_There is a different way to discover this data on every different database, but it's always the same methodology._
|
||||
|
||||
## Exploiting Hidden Union Based
|
||||
|
||||
If you can see the output of the query but you can't achieve a union based injection, you are dealing with a hidden union based injection.
|
||||
In this situation you end up with a blind injection. To turn the blind injection to a union based one, you need to extract the query being executed on the backend.
|
||||
You can do so by use of the blind injection and the default tables of your target DBMS. To learn about those default tables read the documentation of your target DBMS.
|
||||
After extracting the query, you need to adjust your payload accordingly, closing the original query safely. Then append a union query to your payload and start exploiting the newly obtained union based injection.
|
||||
|
||||
Complete Article: https://medium.com/@Rend_/healing-blind-injections-df30b9e0e06f
|
||||
|
||||
## Exploiting Error based
|
||||
|
||||
If for some reason you **cannot** see the **output** of the **query** but you can **see the error messages**, you can make this error messages to **ex-filtrate** data from the database.\
|
||||
|
|
Loading…
Reference in a new issue