AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Mysql comment4/2/2023 Also you can use this to execute some code only if the server is higher than supplied version. If you put a code into this comments it’s going to execute in MySQL only. It’s perfect for detecting MySQL version. This is a special comment syntax for MySQL. SELECT/*avoid-spaces*/password/**/FROM/**/Members.DR/**/OP/*bypass blacklisting*/sampletable.This is going to log you as admin user, because rest of the SQL query will be ignored.Ĭomments out rest of the query by not closing them or you can use for bypassing blacklisting, removing spaces, obfuscating and determining database versions. SELECT * FROM members WHERE username = 'admin'-' AND password = 'password'.Line Comments Sample SQL Injection Attacks Line comments are generally useful for ignoring rest of the query so you don’t have to deal with fixing the syntax. Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks Ending / Commenting Out / Line Comments Line Comments Fast way to extract data from Error Based SQL Injections in SQL Server.Finding Database Structure in SQL Server.Enabling xp_cmdshell in SQL Server 2005.If Statement SQL Injection Attack Samples.
0 Comments
Read More
Leave a Reply. |