Manipulating parameters helps bypass Web Application Firewalls and Anti-Virus scanners, and allows SQL queries to be modified for unique situations.
Description | Query |
---|---|
ASCII > Char | SELECT char(65) |
Char > ASCII | SELECT ascii('A') |
Hex > Int | SELECT 0x20 + 0x40 |
Bitwise AND | SELECT 6 & 2 |
Bitwise OR | SELECT 6 \| 2 |
Bitwise Negation | SELECT ~6 |
Bitwise XOR | SELECT 6 ^ 2 |
Right Shift | SELECT 6>>2 |
Left Shift | SELECT 6<<2 |
Substring | SELECT substr('abcd', 3, 2)<br>Syntax: substr(string, index, length) |
Casting | SELECT cast('1' AS unsigned integer)<br>SELECT cast('123' AS char) |
Concatenation | SELECT concat('net','spi')<br>SELECT 'n' 'et' 'spi' |
Manipulating parameters helps bypass Web Application Firewalls and Anti-Virus scanners, and allows SQL queries to be modified for unique situations.
Description | Query |
---|---|
ASCII > Char | SELECT char(65) from dual |
Char > ASCII | SELECT ascii('A') from dual |
Bitwise AND | SELECT 6 & 2 from dual |
Bitwise OR | SELECT 6 \| 2 from dual |
Bitwise Negation | SELECT ~6 from dual |
Bitwise XOR | SELECT 6 ^ 2 from dual |
Substring | SELECT substr('abcd', 3, 2) from dual<br>Syntax: substr(string, index, length) |
Casting | select CAST(12 AS CHAR(32)) from dual |
Concatenation | SELECT concat('net','spi') from dual<br>SELECT 'n' 'et' 'spi' from dual |
Manipulating parameters helps bypass Web Application Firewalls and Anti-Virus scanners, and allows SQL queries to be modified for unique situations.
Description | Query |
---|---|
ASCII > Char | SELECT char(65) |
Char > ASCII | SELECT ascii('A') |
Hex > Int | SELECT 0x20 + 0x40 |
Bitwise AND | SELECT 6 & 2 |
Bitwise OR | SELECT 6 \| 2 |
Bitwise Negation | SELECT ~6 |
Bitwise XOR | SELECT 6 ^ 2 |
Substring | SELECT substring('abcd', 3, 2)<br>Syntax: substring(string, index, length) |
Casting | SELECT cast('1' AS unsigned integer)<br>SELECT cast('123' AS char) |
Concatenation | SELECT concat('net','spi') |
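
A defender's counterpart to the tables above, as an added example that is not NetSPI's code: a Python normaliser that folds char(), concat(), adjacent string literals and hex integers back to plain values before a signature check, so the encoded and plain forms compare equal. The function names, the `netspi` needle and the sample queries are constructed for illustration; multi-argument char() goes beyond the single-argument row shown in the tables.

```python
import re

# Added example: names and sample inputs are constructed, not from the page.
LIT = r"'(?:[^']|'')*'"          # one quoted SQL literal ('' = escaped quote)
PATTERN = re.compile(
    rf"(?P<adj>{LIT}(?:\s+{LIT})+)"                            # 'n' 'et' 'spi'
    rf"|(?P<lit>{LIT})"                                        # plain literal: skipped
    r"|(?P<type>\bas\s+char\s*\(\s*\d+\s*\))"                  # CAST(.. AS CHAR(32))
    r"|\bchar\s*\(\s*(?P<char>\d+(?:\s*,\s*\d+)*)\s*\)"        # char(65)
    rf"|\bconcat\s*\(\s*(?P<cat>{LIT}(?:\s*,\s*{LIT})*)\s*\)"  # concat('net','spi')
    r"|\b0x(?P<hex>[0-9a-f]+)\b",                              # 0x20
    re.IGNORECASE)

def _unquote(lit):
    return lit[1:-1].replace("''", "'")

def _quote(text):
    return "'" + text.replace("'", "''") + "'"

def _fold(m):
    kind = m.lastgroup
    if kind in ("adj", "cat"):
        # Join every literal in the matched span into one literal.
        return _quote("".join(_unquote(p) for p in re.findall(LIT, m.group(kind))))
    if kind == "char":
        codes = [int(c) for c in m.group("char").split(",")]
        if max(codes) < 0x110000:
            return _quote("".join(map(chr, codes)))
    if kind == "hex":
        # Numeric reading, as in the "Hex > Int" row.
        return str(int(m.group("hex"), 16))
    # Plain literals, CHAR(n) used as a type, and out-of-range codes stay as-is.
    return m.group(0)

def normalize(sql):
    """Fold encoded expressions repeatedly until nothing changes (handles nesting)."""
    prev = None
    while prev != sql:
        prev, sql = sql, PATTERN.sub(_fold, sql)
    return sql

def hits(value, needle):
    """Return (raw_match, normalised_match) for a case-insensitive needle."""
    n = needle.lower()
    return n in value.lower(), n in normalize(value).lower()

if __name__ == "__main__":
    for q in ("SELECT concat('net','spi')", "SELECT 'n' 'et' 'spi'",
              "SELECT concat(char(110,101,116), 'spi')"):
        print(q, "->", normalize(q), hits(q, "netspi"))
```

Literals are matched as whole tokens, so text inside quotes is never folded, and `AS CHAR(32)` in a cast is recognised as a type rather than decoded as a character code.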