SQL Injection

(MySQL) Injecting into the ORDER BY direction (ASC/DESC)

Medium
30 min

Injection in the ORDER BY direction

In the last module, we learned how to use error-based techniques when the injection point is in the column parameter of the ORDER BY clause (ORDER BY email, etc.).

Now you can practice the same technique when the injection point is in the direction parameter of the ORDER BY clause (e.g. ORDER BY email ASC).

Additional ORDER BY parameters can also be added after the direction; for example, this is a valid SQL statement:

SQL Playground

For this reason, the attack is practically identical to the one practiced in the previous module, so take this module as a review. If you get stuck, refer to the instructions from the previous module.
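Seen from the defending side, the sort direction is a keyword and cannot be bound as a query parameter, so the fix is an allowlist. The following is an added example, not part of the original module: the users table, the column names and the function names are assumptions, and SQLite stands in for MySQL so that it runs offline.

```python
import sqlite3

# Hypothetical allowlists (assumed names): request value -> fixed SQL token.
SORTABLE_COLUMNS = {"id": "id", "email": "email"}
DIRECTIONS = {"ASC": "ASC", "DESC": "DESC"}


def build_order_by(column: str, direction: str) -> str:
    """Return an ORDER BY clause assembled only from allowlisted tokens.

    Identifiers and keywords cannot be bound as parameters, so the caller's
    strings are used purely as lookup keys into the fixed tables above.
    """
    if column not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    key = direction.strip().upper()
    if key not in DIRECTIONS:
        # Anything beyond the bare keyword is refused, including a trailing
        # ", other_column" that would otherwise extend the clause.
        raise ValueError(f"unsupported sort direction: {direction!r}")
    return f"ORDER BY {SORTABLE_COLUMNS[column]} {DIRECTIONS[key]}"


def list_emails(conn, column, direction, limit=10):
    # Values such as LIMIT are still bound as ordinary parameters.
    sql = f"SELECT email FROM users {build_order_by(column, direction)} LIMIT ?"
    return [row[0] for row in conn.execute(sql, (limit,))]


def demo_connection():
    # Constructed sample data for the example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO users (email) VALUES (?)",
        [("carol@example.test",), ("alice@example.test",), ("bob@example.test",)],
    )
    return conn


if __name__ == "__main__":
    conn = demo_connection()
    print(list_emails(conn, "email", "desc"))
    for bad in ("ASC, id DESC", "ascending"):
        try:
            list_emails(conn, "email", bad)
        except ValueError as exc:
            print("rejected:", exc)
```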

MySQLi ORDER BY Direction and Error Based Technique

In this lab, you will practice injecting into the ORDER BY direction parameter using error-based techniques.

Objective

Log in as an admin user.

Exercises

Flag

Find the flag from the lab environment and enter it below.
