# SQLi

## SQL Injection

#### NoSQLi

NoSQL injection (NoSQLi) is a type of injection attack that targets **NoSQL databases** (e.g., MongoDB, CouchDB, Cassandra) instead of traditional SQL databases. Like SQL injection, NoSQLi exploits vulnerabilities in how user input is handled, but it specifically targets the query syntax and behavior of NoSQL databases.

NoSQL databases use query languages or APIs that are different from SQL. For example:

* MongoDB uses BSON (Binary JSON) and query operators like `$eq`, `$ne`, `$gt`, etc.
* CouchDB uses JSON and HTTP-based APIs.

#### SQLite

SQLite is a lightweight, serverless, self-contained **relational database management system (RDBMS)**. It is embedded directly into applications and stores the entire database in a single file. Unlike traditional databases like MySQL or PostgreSQL, SQLite does not require a separate server process to operate.

Try using `' Or 1=1;--` as input.

**Features of SQLite**

1. **Serverless**:
   * No separate server process is needed; the database is accessed directly from the application.
2. **Single File**:
   * The entire database is stored in a single file (e.g., `database.db`).
3. **Lightweight**:
   * Minimal setup and configuration required.
4. **SQL Support**:
   * Supports standard SQL queries, including `SELECT`, `INSERT`, `UPDATE`, `DELETE`, etc.

**SQL Injection**

* **Definition**: SQL injection is a vulnerability where an attacker can inject malicious SQL code into a query executed by the application’s database.
* Suppose a login form uses this query:

```
SELECT * FROM users WHERE username = '$username' AND password = '$password';
```

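* If the attacker inputs `' OR 1=1 --` as the username and leaves the password blank, the query becomes the one below. `OR 1=1` makes the `WHERE` clause true for every row, and `--` turns the rest of the line, including the password check, into a comment: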

```
SELECT * FROM users WHERE username = '' OR 1=1 --' AND password = '';
```
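
The login query above, rebuilt against an in-memory SQLite database with Python's `sqlite3` module, next to a parameterized version that binds the same input as data. This is an added example, not code from the original page; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; plaintext passwords only mirror the page's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn

def login_vulnerable(conn, username, password):
    # Same shape as the page's query: input is pasted into the SQL text.
    sql = ("SELECT * FROM users WHERE username = '%s' AND password = '%s';"
           % (username, password))
    return conn.execute(sql).fetchall()

def login_parameterized(conn, username, password):
    # Placeholders bind input as values, so quotes and -- are never parsed as SQL.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?;"
    return conn.execute(sql, (username, password)).fetchall()

def demo():
    conn = make_db()
    payload = "' OR 1=1 --"  # the input quoted on the page
    results = {
        "vulnerable_rows": len(login_vulnerable(conn, payload, "")),
        "parameterized_rows": len(login_parameterized(conn, payload, "")),
        "valid_login_rows": len(login_parameterized(conn, "alice", "s3cret")),
    }
    # A harmless apostrophe also breaks the concatenated query, a useful
    # symptom to look for in application error logs.
    try:
        login_vulnerable(conn, "o'brien", "x")
        results["apostrophe_error"] = False
    except sqlite3.OperationalError:
        results["apostrophe_error"] = True
    return results

if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the page's input, while the parameterized query returns none and still accepts a valid login.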

**Blind SQL Injection**

* **Definition**: Blind SQL injection is a type of SQL injection where the attacker cannot directly see the results of the injected query (e.g., no data is returned to the attacker). Instead, the attacker infers information based on the application’s behavior (e.g., response times, error messages, or boolean responses).

**How It Works**:

* The attacker injects malicious SQL code, but the application does not display the results directly.
* The attacker uses techniques like boolean-based or time-based inference to extract data.

