## My approach:
```sql
SELECT password FROM users WHERE name = 'root';
SELECT password FROM users WHERE name = 0x726f6f74;
SELECT password FROM users WHERE name = UNHEX('726f6f74');
```
The **0x** prefix can only be used for data columns such as char, varchar, text, block, binary, etc.
Also, its use is a little complicated if you are about to insert an empty string. You'll have to entirely replace it with '', or you'll get an error.

UNHEX() works on any column; you do not have to worry about the empty string.
```sql
SELECT ... WHERE id = -1 UNION ALL SELECT table_name FROM information_schema.tables;
SELECT ... WHERE id = -1 UNION ALL SELECT column_name FROM information_schema.column WHERE table_name = 0x61727469636c65;
```
But if the coder of an injectable site would hex it, no injection would be possible because the query would look like this:

```sql
SELECT ... WHERE id = UNHEX('2d312075...3635');
```
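
The following is an added example, not part of the original answer: it runs the concatenated query and the hex-encoded query side by side and covers the empty-string case for the `0x` form. It assumes Python's `sqlite3` with a registered `UNHEX()` function as a stand-in for MySQL; the tables, rows, payload and helper names are constructed for illustration.

```python
import sqlite3

# Constructed input in the style of the UNION ALL queries above.
PAYLOAD = "-1 UNION ALL SELECT password FROM users"

def unhex(hex_text):
    # Stand-in for MySQL's UNHEX(): hex digits back to the original string.
    return bytes.fromhex(hex_text).decode("utf-8")

def make_db():
    # In-memory database with constructed sample rows.
    db = sqlite3.connect(":memory:")
    db.create_function("UNHEX", 1, unhex)
    db.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT);
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'hello');
        INSERT INTO users VALUES ('root', 's3cret-constructed');
    """)
    return db

def lookup_concat(db, user_input):
    # Vulnerable form: the input becomes part of the SQL text itself.
    sql = "SELECT title FROM articles WHERE id = " + user_input
    return sql, [row[0] for row in db.execute(sql)]

def lookup_hex(db, user_input):
    # Hex form: only characters 0-9a-f reach the statement, so the input
    # cannot close the quote or add keywords; it arrives as a single value.
    hexed = user_input.encode("utf-8").hex()
    sql = "SELECT title FROM articles WHERE id = UNHEX('" + hexed + "')"
    return sql, [row[0] for row in db.execute(sql)]

def hex_literal(value):
    # 0x form: a bare "0x" is not a valid literal, so an empty string
    # has to be written as '' instead (the edge case described above).
    hexed = value.encode("utf-8").hex()
    return "0x" + hexed if hexed else "''"

if __name__ == "__main__":
    db = make_db()
    for user_input in ("1", PAYLOAD):
        for lookup in (lookup_concat, lookup_hex):
            sql, rows = lookup(db, user_input)
            print(lookup.__name__, "|", sql, "->", rows)
    print(hex_literal("root"), hex_literal(""))
```

Prepared statements with bound parameters give the same separation of SQL text and data without manual encoding.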