Discussion
it was pretty hard but with all fun and learning
If you're struggling, the concepts on this blog are explained very nicely-
Hello,
I have a doubt.
when given an id, it returns 3 text values (name,breed and color). When I try the payload (id=1+union+select+'a','b','c','d') why is it returning nothing.
because since when an id is given it is returning text values the result from the union operation should be text values or union query will fail.
but when I use the below payload it is working fine. id=1+union+select+1,2,3,4
the above query should cause error and should not give any results. But the app is returning 1,2,3 values on to the website.
What is happening here? Could anyone explain me?
Thanks
quick update:- inplace of 1 in id=1+union+select+1,2,3,4 I have used 'a'. SO the query now is
id=1+union+select+'a',2,3,4. <---- This is returning 0 results.
But when I use below query it is returning table names.
id=1+union+select+table_name,2,3,4 from information_schema.tables <---- returns table names
No idea why. Could someone please explain?
THanks
1 week ago
Is it by design that https://web.ctflearn.com/web8/fade.js is missing and returns 404 when browser tries to load it?