Jump to content

BSQLI

Jonnycake

By Jonnycake
in Security

 Share

Recommended Posts

Jonnycake Newbie

Jonnycake

Posted
Posted

So, I am working on a blind sql injection vulnerability so I went about it the normal way. Check if the first letter is greater than another letter to decide whether it's this letter and if not in what relationship is it, however > and < are filtered out to prevent XSS (which they are protected against and ironically not protected against an SQL injection, go figure!). So, here's my theory, if I were to subtract the int value of a letter from the int value of the first character in the string and then cancel it out by dividing by the absolute value of that result, it will allow me to find less than, equal to, or greater than by checking for -1, 0, and 1 respectively. But, I have a problem: I can't seem to convert the char to an int! I've been googling all day and yet haven't found how. Does anyone know how I could do it?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...