Is there a way to do a SQL injection without using the single quote '
?
I've looked to a lot of questions but they are all about single quote escaping or they do not contain a solution (SQL Injection after removing all single-quotes and dash-characters).
I'm doing a hack game and basically I have to extract a password from a db, I'm trying to do it by exploiting this query:
query = text("INSERT INTO data_table VALUES ([other values], '%s')" % data)
db.engine.execute(query, user=username)
trying to set data to:
'SELECT password FROM users WHERE username="admin" '
I think that this way the select should be executed and its result stored as data (I can easily read back that data from the website).
The problem is that when uploading the value that goes into data I cannot use the single quote '
(the system shows an error and I have to choose another value).
Is there a way to perform a similar injection without the single quote?