SQL injection on integer field
I have an application and a username field converts any given value to an integer value using integer.parseint
. The application uses JSP and Oracle database.
The url has been tested with SQLMap and is not dynamic. So the only way I can try is to get the registration form, but I couldn't get around it.
When I place '
or 1=1
-, the server returns an error error for input string
.
I want to enter a field, so how can I do it?
I don't know if I can use an alternative encoding because it will convert it to integer anyway.
It cannot be done.
If the value is parsed as an integer, it can no longer contain malicious code.