Hi,
In this post, we will learn about Error-based SQL injection. We know that there are three types of SQL injection.
To find SQL injection, we generally use a single quote ('). If the server throws an error in response, that error lets us come to a conclusion about SQL injection.
In error-based SQL injection, the server does not display any data on the page, but it does show data in the error itself. So instead of returning data on the page through the various other options, error-based SQL injection gives its output in the error message.
To learn more, watch this video; it explains the technique well. In the video, we first use SQL injection to find all the data, and after that we use error-based SQL injection.
Payload:
username=gfh'+OR+1+GROUP+BY+CONCAT_WS(0x3a,VERSION(),FLOOR(RAND(0)*2))+HAVING+MIN(0)+OR+1-- -
SQL injection can be prevented by properly managing and sanitizing any user input before it is allowed to reach the main program code. Most types of SQL injection attacks can be prevented by simply removing all the single and double quotes from the user input.
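As an added example (not code from the original post), the Python sketch below contrasts a lookup that concatenates input into the query and echoes the database error with one that binds the input as a parameter and returns a generic message. SQLite stands in for the MySQL backend the payload targets, so the error text differs from MySQL's; the table, function names and sample users are assumptions.

```python
import sqlite3

GENERIC = "invalid username or password"

def make_db():
    # Constructed sample data; SQLite stands in for the post's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.executemany("INSERT INTO users (username) VALUES (?)",
                   [("alice",), ("o'brien",)])
    return db

def lookup_vulnerable(db, username):
    """'Before': input concatenated into SQL, raw DB error echoed to the client."""
    sql = "SELECT id FROM users WHERE username = '" + username + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return {"ok": False, "message": str(exc)}  # error channel leaks DB detail
    return {"ok": row is not None, "message": "welcome" if row else GENERIC}

def lookup_hardened(db, username, log):
    """'After': bound parameter, DB errors kept server-side, generic reply."""
    try:
        row = db.execute("SELECT id FROM users WHERE username = ?",
                         (username,)).fetchone()
    except sqlite3.Error as exc:
        log.append(repr(exc))  # detail goes to the server log only
        return {"ok": False, "message": GENERIC}
    return {"ok": row is not None, "message": "welcome" if row else GENERIC}

# The post's payload with '+' decoded to spaces, plus the single-quote probe
# and two legitimate usernames.
PAYLOAD = ("gfh' OR 1 GROUP BY CONCAT_WS(0x3a,VERSION(),FLOOR(RAND(0)*2)) "
           "HAVING MIN(0) OR 1-- -")
PROBES = ["'", PAYLOAD, "o'brien", "alice"]

def run():
    db, log = make_db(), []
    return [(p, lookup_vulnerable(db, p), lookup_hardened(db, p, log))
            for p in PROBES]

if __name__ == "__main__":
    for probe, before, after in run():
        print(f"{probe[:30]!r:34} before={before['message']!r} "
              f"after={after['message']!r}")
```

With a bound parameter the quote is treated as data, so the legitimate name o'brien still matches and the payload is just a username that does not exist.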