I've written about this in a couple of other articles, but I needed it to be on my new blog because it makes a good attack especially when dealing with MySQL databases, because:
- MySQL on *nix servers can be configured pretty well, making access to the database very difficult and therefore pwnage can be very difficult!!
- You have the ability to extend MySQL Error based injection into other attacks that may not be viable on the web application like:
- non-persistent XSS
- Defacement of the site
- HTTP parameter pollution
- DDos (more on this in another post!!) ---using this web application to make requests to other servers at the expense of the person visiting the page