Tag

SQL injection

Comma is forbidden! No worries!! Inject in insert/update queries without it

Comma is forbidden! No worries!! Inject in insert/update queries without it

A writeup regarding exploiting SQL injection issue in an insert query while it wasn’t possible to use a comma at my payload at all.
Web Security   •   March 31, 2019   •   13 min read
[SQLi] Extracting data without knowing columns names

[SQLi] Extracting data without knowing columns names

Extracting data without knowing columns names from MYSQL < 5 or in case of WAF blacklisting sending information_schema in the request

Web Security   •   February 9, 2019   •   7 min read