someone online was having sql injections described to them to explain the bobby tables xkcd. they said they felt like the 8 INT barbarian being told about magic by the wizard. so i tried a different approach, long
I'm sad that my database administration professor years ago never taught us about this. Do you need to know the name of whatever you're attacking then, or is there a way to get that info?
@Tathar there are tons of ways to leak information about databases that have been integrated improperly
you can even leak information out of a database even if it's set up so that you only ever get the correct page or an error, by carefully constructing queries that will error only if certain conditions are true, etc
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!