What kind of encodings are used for bypassing SQL filters? Does Hex or Base64 work? What other kinds of encodings are used for this? And if I’m trying to test the filter of a login function, can I just put the encoded string into the input field, or do I need to use an intercepting proxy?
I know a proxy has to be used for things that aren’t editable, like cookies, HTTP headers, etc., but do I need a proxy for things I can directly edit, like input fields?
Many encoding techniques won’t work with SQLi since they will not be decoded and interpreted as SQL.