- Bug Bounty Hunting Essentials
- Carlos A. Lozano, Shahmeer Amir
- 136 words
- 2021-06-10 18:35:33
In-band SQLi (classic SQLi)
In-band SQL injection is the classic SQL injection attack. It occurs when the attacker is able to use the same parameter and channel both to launch the attack and to get the corresponding results. In-band SQLi is mainly divided into two types:
- Error-based SQLi: In this type of in-band SQLi, error messages from the database are returned in the response and allow the attacker to gain information about the backend database itself. In certain scenarios, error-based SQLi in itself is essential for an attacker to gain access to the backend database; this is why database error messages should be disabled in all cases.
- Union-based SQLi: Union-based SQLi is a type of in-band SQL injection attack that takes advantage of the SQL UNION operator to concatenate the responses of two SQL statements into a single consolidated response.
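The two in-band variants above, shown next to a hardened lookup, as an added example that is not from the book. It runs against a constructed in-memory SQLite database; the table names, function names and sample data are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample schema and data, held in memory."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT);
        CREATE TABLE users(login TEXT, secret TEXT);
        INSERT INTO products VALUES (1, 'lamp'), (2, 'desk');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def lookup_vulnerable(db, product_id):
    """Concatenates input into SQL and echoes raw database errors."""
    sql = "SELECT name FROM products WHERE id = " + product_id
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        # Error-based channel: the parser's message reaches the client.
        return ["DB error: %s" % exc]

def lookup_hardened(db, product_id):
    """Validates the type, binds the value, and hides error detail."""
    try:
        pid = int(product_id)
    except ValueError:
        return []
    try:
        rows = db.execute("SELECT name FROM products WHERE id = ?", (pid,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        return ["internal error"]  # detail belongs in server-side logs

if __name__ == "__main__":
    db = make_db()
    union_input = "1 UNION SELECT secret FROM users"  # constructed input
    for fn in (lookup_vulnerable, lookup_hardened):
        print(fn.__name__, fn(db, "1"), fn(db, "1'"), fn(db, union_input))
```

In the vulnerable function the response to the same request parameter carries either the database error text or rows from a second table, which is what makes both variants in-band; the hardened function returns neither.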