SQLInjectionWiki/attackQueries/parameterManipulation/sqlserver.html at master · NetSPI/SQLInjectionWiki · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
<h3 id="parameter-manipulation">Parameter Manipulation</h3>

<p class="pageDescription">{{site.data.injectionDescriptions.parameterManipulation}}</p>

<table class="table table-striped table-hover">
    <thead>
        <tr>
            <th>Description</th>
            <th align="left">Query</th>
        </tr>
    </thead>
    <tbody>
        <tr>
            <td>ASCII &gt; Char</td>
            <td>SELECT char(65)</td>
        </tr>
        <tr>
            <td>Char &gt; ASCII</td>
            <td>SELECT ascii('A')</td>
        </tr>
        <tr>
            <td>Hex &gt; Int</td>
            <td>SELECT 0x20 + 0x40</td>
        </tr>
        <tr>
            <td>Bitwise AND</td>
            <td>SELECT 6 &amp; 2</td>
        </tr>
        <tr>
            <td>Bitwise OR</td>
            <td>SELECT 6</td>
        </tr>
        <tr>
            <td>Bitwise Negation</td>
            <td>SELECT ~6</td>
        </tr>
        <tr>
            <td>Bitwise XOR</td>
            <td>SELECT 6 ^ 2</td>
        </tr>
        <tr>
            <td>Substring</td>
            <td>SELECT substring('abcd', 3, 2)<br><em>substring(string, index, length)</em></td>
        </tr>
        <tr>
            <td>Casting</td>
            <td>SELECT cast('1' AS unsigned integer)<br>SELECT cast('123' AS char)</td>
        </tr>
        <tr>
            <td>Concatenation</td>
            <td>SELECT concat('net','spi')</td>
        </tr>
    </tbody>
</table>