SecPlusTrainer / Glossary / What is SQL injection exploitation?
D9 · PenTest+

What is SQL injection exploitation?

SQLi exploitation types: Error-based (extract via error messages), Union-based (join additional SELECT), Boolean-based (infer data from true/false responses), Time-based blind (SLEEP() delays confirm injection).
sqlmap automates SQLi detection and exploitation. Manual: ' or 1=1-- in login fields. Union injection: ' UNION SELECT username,password FROM users-- . Always test with sqlmap --level=5 --risk=3 for comprehensive testing. SQLi can dump entire databases, bypass auth, and in some configs, achieve RCE via INTO OUTFILE or xp_cmdshell.

Related Terms

What is banner grabbing? What is enumeration in cybersecurity? What is OSINT (Open Source Intelligence)? What is passive reconnaissance?
← Back to Glossary Practice Questions →