
Code/Logic Breaking with Special Characters/Symbols.


Many developers, while writing code, forget to add a regex check for special characters/symbols that can break the flow/logic of execution of the application. This may lead to the application returning a verbose system error.

In the same way, in the image below, adding some special characters exposed the SQL queries in the error section.


Some useful special characters/symbols you can use for this are listed below. The idea behind this vulnerability is to try special characters/symbols in those sections where multiple parameters are bound together to retrieve data, or in parameters where a specific set of values is preset (for example, a string of alphabets only, or a number-based string) and no other characters are allowed.

List:-

SQL Server:
    %
    _
    [specifier] E.g. [a-z]
    [^specifier]
    ESCAPE clause e.g. %30!%%' ESCAPE '!' will evaluate 30% as true
    ' characters need to be escaped with ' e.g. what's becomes what''s

MySQL:
    % - Any string of zero or more characters.
    _ - Any single character
    ESCAPE clause E.g. %30!%%' ESCAPE '!' will evaluate 30% as true

Oracle:
    % - Any string of zero or more characters.
    _ - Any single character
    ESCAPE clause E.g. %30!%%' ESCAPE '!' will evaluate 30% as true

Sybase:
    %
    _
    [specifier] E.g. [a-z]
    [^specifier]

Progress:
    % - Any string of zero or more characters.
    _ - Any single character
    Reference Guide here [PDF]

PostgreSQL:
    % - Any string of zero or more characters.
    _ - Any single character
    ESCAPE clause E.g. %30!%%' ESCAPE '!' will evaluate 30% as true

ANSI SQL92:
    % - Any string of zero or more characters.
    _ - Any single character

Common code break: %df# (# marks the rest of the data as a comment)

We recommend always using regex validation on input fields.
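
The following is an added example, not code from the original post, showing the `%` and `_` wildcards and the `ESCAPE '!'` clause from the list above handled defensively: an allowlist regex for preset-format fields, and wildcard escaping for free-text search. It assumes SQLite (via Python's `sqlite3`) as an offline stand-in for the databases listed; the table, sample rows and function names are constructed for illustration.

```python
import re
import sqlite3

ESC = "!"  # same escape character as the page's ESCAPE '!' examples
ALLOWED = re.compile(r"[A-Za-z0-9]{1,32}")  # assumed allowlist for a preset-format field

def is_allowed(value: str) -> bool:
    """Allowlist check for fields that should only hold letters and digits."""
    return ALLOWED.fullmatch(value) is not None

def escape_like(term: str) -> str:
    """Make the escape character, % and _ literal inside a LIKE pattern."""
    term = term.replace(ESC, ESC + ESC)  # escape the escape character first
    return term.replace("%", ESC + "%").replace("_", ESC + "_")

def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coupons (code TEXT)")
    rows = [("30% off",), ("300 off",), ("what's new",), ("a_b",), ("axb",)]
    db.executemany("INSERT INTO coupons VALUES (?)", rows)
    return db

def search_naive(db, term):
    # Bound parameter, so quotes are safe, but % and _ in term still act as wildcards.
    sql = "SELECT code FROM coupons WHERE code LIKE ? ORDER BY code"
    return [r[0] for r in db.execute(sql, (f"%{term}%",))]

def search_literal(db, term):
    # Wildcards in the user's text are escaped, so they match only themselves.
    sql = "SELECT code FROM coupons WHERE code LIKE ? ESCAPE '!' ORDER BY code"
    return [r[0] for r in db.execute(sql, (f"%{escape_like(term)}%",))]

if __name__ == "__main__":
    db = make_db()
    for term in ("30%", "a_b", "what's", "%"):
        print(repr(term), search_naive(db, term), search_literal(db, term))
    print(is_allowed("abc123"), is_allowed("%df#"))
```

Binding the value as a parameter is what keeps the `'` in `what's` from breaking the statement; the escaping step only addresses the LIKE wildcards.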

