This kind of attack uses the same communication channel for injecting SQL code and
retrieving results. The retrieved data is presented directly in the application's
web page.
- Tautology — Injects code into one or more conditional statements so that they always evaluate to true.
- End-of-line comment — After code is injected into a particular field, the legitimate code that follows is nullified by end-of-line comments.
- Piggybacked queries — The attacker appends additional queries to the intended query, piggybacking the attack on top of a legitimate request.
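The three classes above can be compared against a string-concatenated query and its parameterized form. This is an added example, not code from the original page; the `users` table, the function names and the input strings are constructed for illustration, and SQLite stands in for the application's database.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for an application's user store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concat(db, name, password):
    """Vulnerable form: user input is spliced into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_param(db, name, password):
    """Hardened form: input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

# Constructed inputs, one per class in the list above.
TAUTOLOGY = ("alice", "' OR '1'='1")                     # condition becomes always true
EOL_COMMENT = ("alice' --", "anything")                  # password check is commented out
PIGGYBACK = ("alice'; DROP TABLE users; --", "anything")  # second statement appended

def compare():
    """Return (concatenated result, parameterized result) for each input class."""
    db = make_db()
    results = {}
    for label, (name, pw) in [("tautology", TAUTOLOGY), ("comment", EOL_COMMENT)]:
        results[label] = (login_concat(db, name, pw), login_param(db, name, pw))
    # The piggybacked input is only bound as a parameter here. In the
    # concatenated form, whether the appended statement runs depends on the
    # driver allowing several statements per call.
    results["piggyback"] = login_param(db, *PIGGYBACK)
    results["users_left"] = db.execute("SELECT COUNT(*) FROM users").fetchone()[0]
    return results

if __name__ == "__main__":
    print(compare())
```

With concatenation the tautology input returns every row and the comment input returns `alice` without a valid password; with bound parameters all three inputs match nothing and the table is unchanged.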