SQL injection on integer field

Question

SQL injection on integer field

I have an application and a username field converts any given value to an integer value using integer.parseint

. The application uses JSP and Oracle database.

The url has been tested with SQLMap and is not dynamic. So the only way I can try is to get the registration form, but I couldn't get around it.

When I place '

or 1=1

-, the server returns an error error for input string

.

I want to enter a field, so how can I do it?

I don't know if I can use an alternative encoding because it will convert it to integer anyway.

+3

sql code-injection

Bizarre 29 Mar 12 at 5:51

source to share

1 answer

Guffa · Accepted Answer · 2012-03-29T06:07:22+0000

It cannot be done.

If the value is parsed as an integer, it can no longer contain malicious code.

SQL injection on integer field

More articles: