11. Types of SQL injection attack
❯ Explicit
  ❯ Union-based: append a result set that is rendered in the markup
  ❯ Error-based: disclose information in an unhandled exception
❯ Implicit (blind)
  ❯ Boolean-based: test if a particular condition is true
  ❯ Time-based: cause the response to be delayed in response to a test
23. Direct Obj-Ref: Upload File
[Figure: upload form ("Select a file to upload"), shown twice]
D:\Documents\abc.txt → http://web.site/upload/abc.txt
D:\Malware\evil.exe → http://web.site/upload/evil.exe
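On the slide, the uploaded file keeps its client-supplied name and type in the public URL. The following is an added example, not part of the original slides, of an upload handler that avoids both; the function name `store_upload`, the extension allow-list and the size limit are assumptions chosen for illustration.

```python
import secrets
from pathlib import Path, PureWindowsPath

# Assumed policy for this sketch: only these extensions are accepted.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".png"}
# Leading bytes of common executable formats (PE "MZ", ELF, shebang scripts).
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")
MAX_BYTES = 1_000_000


class UploadRejected(Exception):
    """Raised when an upload fails the policy checks."""


def store_upload(client_name: str, data: bytes, upload_dir: Path) -> str:
    """Validate an upload and store it under a server-chosen name.

    Returns the stored file name, which the client never controls.
    """
    # Browsers may send a full Windows path; keep only the last component.
    base = PureWindowsPath(client_name).name
    ext = Path(base).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension {ext!r} is not allowed")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # A renamed executable keeps its header, so check content as well.
    if data.startswith(EXECUTABLE_MAGIC):
        raise UploadRejected("content looks executable")
    stored_name = secrets.token_hex(16) + ext
    upload_dir.mkdir(parents=True, exist_ok=True)
    # Mode "xb" refuses to overwrite an existing file.
    with open(upload_dir / stored_name, "xb") as fh:
        fh.write(data)
    return stored_name


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample inputs mirroring the two uploads on the slide.
        print(store_upload(r"D:\Documents\abc.txt", b"hello", Path(tmp)))
        try:
            store_upload(r"D:\Malware\evil.exe", b"MZ\x90\x00", Path(tmp))
        except UploadRejected as exc:
            print("rejected:", exc)
```

Keeping `upload_dir` outside the web root and serving files through a handler that looks up the stored name removes the direct URL-to-file mapping as well.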