SQL injection on integer field
I have an application and a username field converts any given value to an integer value using integer.parseint
. The application uses JSP and Oracle database.
The url has been tested with SQLMap and is not dynamic. So the only way I can try is to get the registration form, but I couldn't get around it.
When I place '
or 1=1
-, the server returns an error error for input string
.
I want to enter a field, so how can I do it?
I don't know if I can use an alternative encoding because it will convert it to integer anyway.
+3
source to share