Some SQL Injection Research.
Published on: 1182289091
Next week I'm going to do some more research on SQL injection. I have a pretty complete sheet for MySQL, but I thought about more ways of information gathering. One of them is pretty slick, if I may say so myself. Usually when you do a UNION SELECT injection you need to guess how many columns there are in a table. This can take plenty of time, and many times you can't be sure you got a proper result. This next vector outputs the exact number of columns in a secondary table. It only works if the PHP script echoes back errors, which probably is standard practice by programmers.
That's why error/file disclosure can help us.