999999.9 /**/union/**/all /**/select /**/cast...
select cast (2000 as type of quint) from rdb$database select cast (2000 as int) from rdb$database. If TYPE OF is used with a (VAR)CHAR type, its character.
999999.9 //union//all //select //cast(0x393133353134353632312e39...)
Select char_length(cast('123456789 1' as varchar(10))) from rdb$database. Получаем: Exception ... string truncation Т.е. пробел мы обрезать
999999.9 /. ... (./union//all //select 0x393133353134353632312e39
UNION ALL пример: SELECT 'foo' AS bar UNION ALL SELECT 'foo' AS bar ... Оба UNION и UNION ALL объединяют результат двух разных SQL.
PayloadsAllTheThings/MySQL Injection.md at master...
1' UNION SELECT @--+ #The used SELECT statements have a different number of columns 1' UNION SELECT
Шпаргалка по SQL инъекциям | DefconRU
Синтаксис: 0xHEX_ЧИСЛО (SM): SELECT CHAR(0x66) (S) SELECT 0x5045 (это не число, а строка) (M) SELECT 0x50 + 0x45 (теперь это
SQL Инъекции | Page 797 | ANTICHAT - Security online community
...Null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat
999999.9 /**/union/**/all /**/select /**/cast...
Best Result For : 999999.9 uNiOn aLl sElEcT cAsT 0x393133353134353632312e39 as char
sqlmap | Pentest tools | Яндекс Дзен
--union-char=UCHAR Символ для ��спользования при брутфорсинге количества колонок. --union-from=UFROM Таблица для использования в FROM части UNION запроса SQL инъекции. --dns-domain=ДОМЕН Доменное имя, используемое для эксфильтрационной атаки DNS.
javascript - Convert a string to an integer? - Stack Overflow
Google gave me this answer as result, so... I actually needed to "save" a string as an integer, for a binding between C and JavaScript, so I convert the string into a integer value
mysql - How to handle these 404 errors that look like... - Server Fault
As for being a malicious bastard when it comes to security (which is the approach I take)... I usually have an apache front end that does nothing but reverse proxy and