Additionally, try using time-based SQL injection payloads like sleep, waitfor, benchmark, etc., and verify if there is a time difference. These tests can very well confirm if the SQL injection is present or not.
Try this in Intruder: "and if((select substr(database(),1,1) limit 0,1)='s',sleep(10), null)-- -", check the response time, and keep changing the letters.
Try this in Intruder: "and if((select substr(database(),1,1) limit 0,1)='s',sleep(10), null)-- -", check the response time, and keep changing the letters. This method is good, or you can try out-of-band SQLi using Burp Collaborator.
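Seen from the defending side, the probing described in this thread leaves a recognizable trace in web access logs. The following is an added example, not part of any post above: it scans log lines for the delay primitives named here and reports, per client, how many requests carried one, how many distinct letters were guessed, and whether a delay actually fired. The log format, the `/item` path, the addresses and the `slow_seconds` threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import quote_plus, unquote_plus

# Delay primitives named in the thread: sleep(), benchmark(), WAITFOR DELAY.
DELAY_RE = re.compile(r"\b(?:sleep|benchmark)\s*\(|\bwaitfor\s+delay\b", re.I)
# Assumed (constructed) log format: client "METHOD uri PROTO" status seconds
LINE_RE = re.compile(r'^(\S+) "(\S+) (\S+) \S+" (\d{3}) ([\d.]+)$')

def analyze(lines, slow_seconds=5.0):
    """Per client: delay-payload requests, distinct guessed letters, delays that fired."""
    stats = defaultdict(lambda: {"hits": 0, "guesses": set(), "fired": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        client, _method, uri, _status, secs = m.groups()
        decoded = unquote_plus(unquote_plus(uri))  # tolerate double URL encoding
        if not DELAY_RE.search(decoded):
            continue
        s = stats[client]
        s["hits"] += 1
        # Letter-by-letter guessing: same query, only the quoted character changes.
        s["guesses"].update(re.findall(r"='(.)'", decoded))
        if float(secs) >= slow_seconds:
            s["fired"] += 1  # the database really paused: the parameter is injectable
    return {c: {**s, "guesses": len(s["guesses"])} for c, s in stats.items()}

def sample_line(client, letter, secs):
    # Constructed log line carrying the payload quoted in the thread.
    payload = f"1 and if((select substr(database(),1,1) limit 0,1)='{letter}',sleep(10), null)-- -"
    return f'{client} "GET /item?id={quote_plus(payload)} HTTP/1.1" 200 {secs}'

SAMPLE = [sample_line("203.0.113.7", c, t) for c, t in [("a", 0.04), ("b", 0.05), ("s", 10.06)]]
SAMPLE.append('198.51.100.20 "GET /item?id=42 HTTP/1.1" 200 0.03')
SAMPLE.append('198.51.100.20 "GET /search?q=sleep+tracker HTTP/1.1" 200 0.02')  # benign "sleep"

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A non-zero `fired` count means a delay payload coincided with a slow response, which is the signal to treat the parameter as injectable and move the query behind it to parameterized statements.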