Differences

This shows you the differences between two versions of the page.

--- hacking:sql_injection:mysql:string_operations [2020/04/16 22:06] – peter
+++ hacking:sql_injection:mysql:string_operations [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 33: / Line 33: @@
 <code sql>
-x457578 # - Hex Representation of string
+x457578 /* Hex Representation of string. */
-SELECT 0x457578 # This will be selected as string in MySQL.
+SELECT 0x457578 /* This will be selected as string in MySQL.*/
+</code>
+In MySQL easy way to generate hex representations of strings use this;
+<code sql>
+SELECT CONCAT('0x',HEX('c:\\boot.ini'))
+SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) /* This will return 'KLM'. */
+</code>
+Hex based SQL Injection Samples
+<code sql>
+SELECT LOAD_FILE(0x633A5C626F6F742E696E69) /* This will show the content of c:\boot.ini */
 </code>
 ----
+===== String Modification & Related =====
+Return ASCII character value of leftmost character.
+<code sql>
+ASCII()
+SELECT ASCII('a')
+</code>
+A must have function for Blind SQL Injections.
+----
+Convert an integer of ASCII.
+<code sql>
+CHAR()
+SELECT CHAR(64)
+</code>