Meitoka blog
  • πŸ‘‹About Me
  • ☒️Malware Development (crow)
    • Process, Thread & Handler
  • 🚩TryHackMe stuffs
    • Walkthroughs
      • πŸ”ŸOWASP Top 10
      • SSRF
      • Buffer Overflow
    • Challenges (CTF)
      • β™ŸοΈPublisher
      • 🐰Wonderland
  • πŸŒ‹VULNLAB
    • Machines
      • 🐈Baby
      • 🎧Data
  • 🧠LEARNING
    • πŸ’‰SQLi
      • πŸ“œSQLmap quick cheat sheet
      • ➑️In-Band SQLi
      • Inferential (Blind) SQL Injection
      • ⚠️SQLi warning
Powered by GitBook
On this page
  1. LEARNING
  2. SQLi

SQLi warning

Using OR 1=1 in SQL injections is risky and should rarely be used in real-world engagements. It loads all rows of the table, which may not bypass the login if only one row is expected. This can also cause database performance issues.

As an alternative, consider using AND 1=1 with a valid input (such as a legitimate username) to test or confirm SQL injection vulnerabilities.

Example:

  1. Detect a potential Error message after a failed login (doesn’t respect OWASP Guidelines).

  2. Using the error to brute force the username field with Hydra

  3. Get a legitimate username

  4. Do a SQLi like: user' AND '1'='1'-- -

  5. Bingo!!

PreviousInferential (Blind) SQL Injection

Last updated 1 month ago

🧠
πŸ’‰
⚠️