💻
OSWE Everything

Errors and additional information

Sometimes you will encounter SQL errors during exploitation.

Collations

Database collation defines the rules for comparing characters within a character set.

Case-insensitive collations do not take case into consideration when comparing values.

Sample collation: utf8mb4_general_ci (the last two letters, ci, mean case insensitive)

Fix:

It is possible to force a collation within the query. However, we first need to determine the collation used by the application:

SELECT COLLATION_NAME
FROM information_schema.columns
WHERE TABLE_NAME = '<TABLE_NAME>' AND COLUMN_NAME = '<COLUMN_NAME>';

Then add this clause to your SELECT statement:

COLLATE utf8mb4_general_ci
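
The collation lookup and the COLLATE fix described above, as an added example that is not part of the original page. The demo_users and demo_labels tables are constructed for illustration, and the script assumes a MySQL server with the utf8mb4 character set.

```sql
-- Constructed demo schema (hypothetical table names) for MySQL with utf8mb4.
-- Statement 2 is expected to fail, so run the statements interactively
-- or start the mysql client with --force.
CREATE TABLE demo_users (
    name VARCHAR(32)
) CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

CREATE TABLE demo_labels (
    label VARCHAR(32)
) CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

INSERT INTO demo_users  VALUES ('Admin');
INSERT INTO demo_labels VALUES ('admin');

-- 1. Look up the collation of each column (the lookup shown above,
--    restricted to the current schema).
SELECT TABLE_NAME, COLUMN_NAME, COLLATION_NAME
FROM information_schema.columns
WHERE TABLE_SCHEMA = DATABASE()
  AND TABLE_NAME IN ('demo_users', 'demo_labels');

-- 2. Comparing the two columns directly is rejected with error 1267
--    (illegal mix of collations): both collations are implicit and
--    neither one takes precedence over the other.
SELECT u.name, l.label
FROM demo_users u
JOIN demo_labels l ON u.name = l.label;

-- 3. Forcing one side to the other column's collation makes the
--    comparison valid. utf8mb4_general_ci is case insensitive,
--    so 'Admin' and 'admin' compare as equal.
SELECT u.name, l.label
FROM demo_users u
JOIN demo_labels l ON u.name = l.label COLLATE utf8mb4_general_ci;

-- 4. Forcing a case-sensitive (binary) collation on the same data
--    makes 'Admin' and 'admin' compare as different values.
SELECT u.name, l.label
FROM demo_users u
JOIN demo_labels l ON u.name = l.label COLLATE utf8mb4_bin;
```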

Last updated 2 months ago