mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
Update README.md
This commit is contained in:
parent
f723bcbf8a
commit
867f243100
@ -134,6 +134,22 @@ Detection of an SQL injection entry point
|
||||
["'i'='i'", "MSACCESS,SQLITE,POSTGRESQL,ORACLE,MSSQL,MYSQL"],
|
||||
```
|
||||
|
||||
## DBMS Identification VIA Error
|
||||
|
||||
When testing for SQL injection error messages can also help in identifying the underlying DBMS:
|
||||
|
||||
| DBMS | Example Error Message | Example Payload |
|
||||
|---------------------|------------------------------------------------------------------------------------------------------------
|
||||
| MySQL | `You have an error in your SQL syntax; ... near '' at line 1` | `'` |
|
||||
| PostgreSQL | `ERROR: unterminated quoted string at or near "'"` | `'` |
|
||||
| PostgreSQL | `ERROR: syntax error at or near "1"` | `1'` |
|
||||
| Microsoft SQL Server| `Unclosed quotation mark after the character string ''.` | `'` |
|
||||
| Microsoft SQL Server| `Incorrect syntax near ''.` | `'` |
|
||||
| Microsoft SQL Server| `The conversion of the varchar value to data type int resulted in an out-of-range value.` | `1'` |
|
||||
| Oracle | `ORA-00933: SQL command not properly ended` | `'` |
|
||||
| Oracle | `ORA-01756: quoted string not properly terminated` | `'` |
|
||||
| Oracle | `ORA-00923: FROM keyword not found where expected` | `1'` |
|
||||
|
||||
|
||||
## SQL injection using SQLmap
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user