Comments on: SQL Injection in Search Fields https://www.exploresecurity.com/sql-injection-in-search-fields/ IT security tools, techniques and commentary Sun, 07 Sep 2025 03:12:25 +0000 hourly 1 http://wordpress.org/?v=3.6.1 By: Jerome https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-67617 Jerome Tue, 03 Mar 2020 23:02:12 +0000 http://www.exploresecurity.com/?p=234#comment-67617 Sorry, but I wrote this article over 5 years ago so I can’t remember anything more about this particular case. In general, what I’d recommend is first focusing on getting a simple proof-of-concept working using manual injection. This will ensure you understand the nature of the query in which the injection point resides e.g. in the above case I had to cater for nested queries by adding )). Ideally, only once you’re getting reliable results from manual techniques is it worth throwing an automated tool like sqlmap at the problem. In this way, if the tool fails, you know either it’s your configuration of the tool or the tool itself. Without proving the case manually, another reason for the tool failing is that there isn’t a vulnerability there at all!

]]> By: zonduu https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-67607 zonduu Mon, 02 Mar 2020 03:09:17 +0000 http://www.exploresecurity.com/?p=234#comment-67607 I have the same exact behavior in one website i am testing, but when trying it with sqmal using “space2comment” i had no luck. Could you please tell me how was the payload used by sqlmap that worked? I want to try a sleep command or anything that really confirms this issue! Please!!!

]]> By: Jerome https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-19292 Jerome Mon, 21 Aug 2017 20:50:32 +0000 http://www.exploresecurity.com/?p=234#comment-19292 Looks to be an unbalanced string – i.e. too many apostrophes

]]> By: Mr Khan https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-19135 Mr Khan Sat, 19 Aug 2017 15:16:26 +0000 http://www.exploresecurity.com/?p=234#comment-19135 how can i bypass this database error

Error Number: 1064

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘%’ and status=1 order by id desc limit 0,30′ at line 1

select * from movies where name like ‘%’%’ and status=1 order by id desc limit 0,30

Filename: controllers/En.php

Line Number: 129

]]> By: Jerome https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-7691 Jerome Mon, 09 May 2016 21:29:27 +0000 http://www.exploresecurity.com/?p=234#comment-7691 In MySQL (and therefore in MariaDB) the quote character ” can be used for string literals just like an apostrophe ‘. See the reference at https://mariadb.com/kb/en/mariadb/string-literals/.

]]> By: Cury https://www.exploresecurity.com/sql-injection-in-search-fields/#comment-7671 Cury Sat, 07 May 2016 22:12:23 +0000 http://www.exploresecurity.com/?p=234#comment-7671 Could I ask a dumb question? What if u escape the ” character with a back slash?
For example, x” (I’m searching an online foreign dictionary) gives a SQL error:

Searching for: x”Database errorYou have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘%”‘ at line 1

Bur when I do it like this: x\” it works.

Thanks alot

]]>