If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type

Discussion in 'CEH' started by Thirunavukkarasu M, Feb 21, 2020.

  1. Thirunavukkarasu M
    If an attacker uses the command SELECT * FROM user WHERE name = 'x' AND userid IS NULL; --'; which type of SQL injection attack is the attacker performing? Can you please answer?
     
    #1
  2. Koyel Sinha Chowdhury
    Hi Thirunavukkarasu,

    The answer is Error Based SQL Injection: Tautology. The reason is given below:
      • Attackers intentionally insert bad input into an application, causing it to throw database errors.
      • The attacker reads the database-level error messages that result in order to find an SQL injection vulnerability in the application.
      • Based on this, the attacker then injects SQL queries that are specifically designed to compromise the data security of the application.
    Hope this addresses your query.
     
    #2
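
As an added example (not part of the thread and not either poster's code), this Python sketch uses the standard sqlite3 module to contrast a concatenated query that hands raw database errors back to the caller with a parameterized query that returns only a generic message. The table contents, function names and GENERIC_ERROR are assumptions made for illustration.

```python
import sqlite3

GENERIC_ERROR = "lookup failed"  # assumed client-facing text; details belong in server logs

def make_db():
    """Constructed sample table, named after the one in the question."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (userid INTEGER, name TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)",
                   [(1, "alice"), (None, "x"), (2, "x")])
    return db

def build_concatenated(name):
    # Weak: the input becomes part of the SQL text itself.
    return "SELECT * FROM user WHERE name = '" + name + "';"

def lookup_weak(db, name):
    # Weak: concatenated query, and the raw database error goes to the caller.
    try:
        return db.execute(build_concatenated(name)).fetchall(), None
    except sqlite3.Error as exc:
        return [], str(exc)

def lookup_hardened(db, name):
    # Hardened: the value is bound as data, so quotes and comment markers
    # stay inside the string; errors are replaced by a generic message.
    try:
        rows = db.execute("SELECT * FROM user WHERE name = ?", (name,)).fetchall()
        return rows, None
    except sqlite3.Error:
        return [], GENERIC_ERROR

if __name__ == "__main__":
    db = make_db()
    # First value is the input from the question; second is a lone stray quote.
    for value in ("x' AND userid IS NULL; --", "x'"):
        print(repr(value))
        print("  weak query :", build_concatenated(value))
        print("  weak result:", lookup_weak(db, value))
        print("  hardened   :", lookup_hardened(db, value))
```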