I have a website which contains a SQL injection vulnerability, but I can exploit it, just because of some filtration by the web server.
So I have a payload order by 4 to find the columns, but I can't find them. I don't know what's happening, but when I use this payload it works: ' order by 4--+ When this payload executes, I get the column error.
So what happens with the second one? My main doubt is: what does the --+ do, and why is it necessary to put a single tick (') in the second payload?
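An added example, not part of the original post: it shows how a query built by string concatenation parses the two inputs from the question, and how a parameterized query treats both as plain data. The table, its columns, the query shape and the use of SQLite as a stand-in database are assumptions made for illustration.

```python
import sqlite3
from urllib.parse import unquote_plus

QUERY_HEAD = "SELECT id, name, price FROM products WHERE name = "

def make_db():
    # Constructed sample data: one table with three columns.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER, name TEXT, price REAL)")
    db.execute("INSERT INTO products VALUES (1, 'widget', 9.5)")
    return db

def build_concatenated(raw_param):
    # In a URL query string '+' decodes to a space, so "--+" arrives as "-- ".
    # Some databases (MySQL, for example) only treat "--" as a comment when
    # whitespace follows it, which is why the trailing '+' is there.
    value = unquote_plus(raw_param)
    # Vulnerable pattern: the value is pasted inside a quoted string literal.
    return QUERY_HEAD + "'" + value + "' LIMIT 1"

def run_concatenated(db, raw_param):
    try:
        return db.execute(build_concatenated(raw_param)).fetchall()
    except sqlite3.OperationalError as exc:
        return "error: " + str(exc)

def run_parameterized(db, raw_param):
    # Fix: the value is bound as data and can never end the literal.
    value = unquote_plus(raw_param)
    return db.execute(QUERY_HEAD + "? LIMIT 1", (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # No quote: the text stays inside the literal, so it is only compared
    # as a product name and nothing happens.
    print(run_concatenated(db, "order by 4"))
    # Quote ends the literal, ORDER BY 4 is parsed as SQL, and the comment
    # hides the leftover "' LIMIT 1": the column-count error appears.
    print(run_concatenated(db, "' order by 4--+"))
    # Quote without the comment: the leftover quote breaks the syntax.
    print(run_concatenated(db, "' order by 4"))
    # Bound parameter: the same input is an ordinary string, no error.
    print(run_parameterized(db, "' order by 4--+"))
```

The error in the second case comes from the database itself, so suppressing error output does not remove the flaw; binding parameters does.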