SQL injection on integer field

I have an application and a username field converts any given value to an integer value using integer.parseint

. The application uses JSP and Oracle database.

The url has been tested with SQLMap and is not dynamic. So the only way I can try is to get the registration form, but I couldn't get around it.

When I place '

or 1=1

-, the server returns an error error for input string


I want to enter a field, so how can I do it?

I don't know if I can use an alternative encoding because it will convert it to integer anyway.


source to share

1 answer

It cannot be done.

If the value is parsed as an integer, it can no longer contain malicious code.



All Articles