[SQL injection] Blind SQL injection

FILE_

The basic of Blind SQL Injection-pride from 해커스쿨
Blind SQL injection mysql-5 from ???

 

BLOG_

blind sql injection (1) – Basics

blind sql injection (2) – Basics

 

FUNCTION_

str = string, char = character, num# = number
Functions listed in the same paragraph do similar things.

substr(str, num1, num2) > returns num2 characters of str starting at position num1 (one char when num2 = 1)
mid(str, num1, num2) > same as substr

length(str) > returns number (length of str)

ascii(char) > returns number (decimal ASCII code)
hex(char) > returns the hexadecimal representation

concat(char or str, ..) > returns string

char(number) > returns the character with that ASCII code

locate(sub_str, ori_str, [opt]) > returns position number (opt = start position)
instr(ori_str, sub_str) > returns position number
     etc…

 

Conditionals_

if(condition, output_if_true, output_if_false)

case (condition)
   when (result)
     then (output)
   else
     (output)
end

     etc…

 

Regex

like (pattern): % matches any string, _ matches a single character
regexp (regex)
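Seen from the detection side, the functions above rarely appear together in a legitimate request parameter. The following is an added example, not part of the original post: a triage heuristic that flags query strings combining two or more of these function families. The family grouping, the threshold and the sample strings are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# Function families taken from the list above, grouped by the role each
# plays in a blind-injection predicate. Grouping/threshold are assumptions.
FAMILIES = {
    "slice": re.compile(r"\b(substr|mid)\s*\("),
    "convert": re.compile(r"\b(length|ascii|hex|concat|char|locate|instr)\s*\("),
    "conditional": re.compile(r"\bif\s*\(|\bcase\b.*\bwhen\b"),
    "match": re.compile(r"\b(like|regexp)\b"),
}

def normalize(value: str) -> str:
    """Undo common obfuscation so the patterns see canonical text."""
    text = unquote_plus(value)                                  # %xx and + decoding
    # MySQL versioned comments /*!50000 ... */ are executed: keep their body.
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)           # plain /* */ comments
    return re.sub(r"\s+", " ", text).lower()

def families(value: str) -> set:
    """Return the names of the function families present in a parameter string."""
    text = normalize(value)
    return {name for name, rx in FAMILIES.items() if rx.search(text)}

def is_suspicious(value: str, threshold: int = 2) -> bool:
    """One family alone is common in normal text; two or more is worth a look."""
    return len(families(value)) >= threshold

# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "id=7",
    "q=how+to+use+substr+in+mysql",      # word without a call: no family
    "q=books+like+dune",                 # one family only: below threshold
    "id=1%20AnD%20iF(AsCiI(mId/**/(x,1,1))%3E77,1,0)",
    "id=1+and+(case+1+when+length(x)+then+1+else+0+end)",
]

def flagged(samples):
    return [s for s in samples if is_suspicious(s)]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict = "ALERT" if is_suspicious(s) else "ok"
        print(f"{verdict:5}  {sorted(families(s))}  {s}")
```

A hit is a signal for review, not proof of injection; the fix on the application side is parameterized queries, which keep these functions from ever being parsed as SQL.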

If there are any problems with this post, please leave a comment.
