wstg
Hidden union-based SQL injection
What would you like added?

Addition to SQL injection topic: there are some blind SQL injections that can be turned into union-based ones. The reason they're detected as blind injections at first is that those injections happen in complex queries, and appending the usual union-based payloads to the vulnerable parameter breaks the original query. One way to recognize these kinds of injections is when the "order by" technique works, but you end up with a blind injection. I'd like to explain how someone can turn these injections into union-based ones. Here's the complete article: Healing blind injections
Would you like to be assigned to this issue?
- [x] Assign me, please!