Last active
February 10, 2024 12:22
-
-
Save righettod/62c47f4c99f5b362346288497484fee5 to your computer and use it in GitHub Desktop.
Payloads to try to discover blind SQLi when no error is returned.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The situation is the following: | |
| # Your enter ab in a feature and it return data to you but when your enter ab' it indicate that there is not data found. | |
| # | |
| # So, does it means that there is no SQLi because ab' is well handled OR the error is catched | |
| # and a "not data found message" is returned? | |
| # | |
| # The goal here is to submit a payload that, if interpreted by the SQL DB, will give ab and then data will be returned | |
| # then indicating that there is a SQLi because the payload is interpreted. | |
| ab';# | |
| ab';-- | |
| a' 'b | |
| a'/* */'b | |
| a'||'b |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment