The query looks like this:
INSERT INTO log VALUES ('abc: INJECTION')
I can inject like this:
INSERT INTO log VALUES ('abc: ' + 123 + ')
which results in the value 123 being inserted because the whole value gets cast to an integer.
I want to insert a string like this:
INSERT INTO log VALUES ('abc: ' || unhex('3120389123912') || '')
but the concatenation character | is filtered.
How can I insert the result of unhex() or similar to bypass the other character filters without using | to concat it?
Aucun commentaire:
Enregistrer un commentaire