When an SQL injection vulnerability is attacked, the application will often display error messages from the database.
By constructing a query that forces the data we want into the error message passed back to us, we can retrieve that data from the database.
This is the method we used in the previous SQL injection example.
This is a very quick and efficient way of mining data through SQL injection vulnerabilities.
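The error channel described above, as an added example that is not part of the original page: a lookup that passes the raw database error back to the client, beside a hardened form that binds the input as a parameter and keeps error detail on the server. SQLite, the `users` table, and the function names `make_db`, `lookup_vulnerable` and `lookup_hardened` are assumptions chosen for illustration.

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for the application's database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return db

def lookup_vulnerable(db, name):
    """Concatenates input into the SQL text and returns the raw database error."""
    try:
        rows = db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()
        return {"status": 200, "body": str(rows)}
    except sqlite3.Error as exc:
        # The driver's message goes straight to the client: this is the leak channel.
        return {"status": 500, "body": "Database error: " + str(exc)}

def lookup_hardened(db, name, log):
    """Binds input as a parameter and keeps any database error server-side."""
    try:
        rows = db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()
        return {"status": 200, "body": str(rows)}
    except sqlite3.Error as exc:
        log.append(repr(exc))  # detail goes to the server log only
        return {"status": 500, "body": "Internal error"}

if __name__ == "__main__":
    db, log = make_db(), []
    name = "o'brien"  # an ordinary name with an apostrophe breaks the concatenated query
    print(lookup_vulnerable(db, name))
    print(lookup_hardened(db, name, log))
```

The hardened version closes both problems at once: the apostrophe is treated as data, and if a query does fail, the client sees only a generic message.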
Sometimes, code is constructed in such a way that, whilst it is vulnerable to injection, it’s not possible to get the data we want returned by the database.