Jonnycake Posted September 3, 2009 Share Posted September 3, 2009 So, I am working on a blind sql injection vulnerability so I went about it the normal way. Check if the first letter is greater than another letter to decide whether it's this letter and if not in what relationship is it, however > and < are filtered out to prevent XSS (which they are protected against and ironically not protected against an SQL injection, go figure!). So, here's my theory, if I were to subtract the int value of a letter from the int value of the first character in the string and then cancel it out by dividing by the absolute value of that result, it will allow me to find less than, equal to, or greater than by checking for -1, 0, and 1 respectively. But, I have a problem: I can't seem to convert the char to an int! I've been googling all day and yet haven't found how. Does anyone know how I could do it? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.