Hi all,
I am currently following the module “SQL Injection Fundamentals”. In the chapter “Union Injection”, they use some UNION command that are preceded by cn’. For instance when injecting a 3-column union query:
cn’ UNION select 1,2,3–
I don’t get where the cn’ comes from and what it does. Anyone who can help?
Thanks,
Roy
Cn is just the actual command sent to the database. You could replace that with anything such as 1 or whatever. That’s the real command a user would send. The ‘ is the beginning of the injection and it closes out the actual input that users would send in. If you don’t know exactly what the ‘ is or are struggling with the materials, portswigger starts at a lower level for sql injection and does more granular labs.
Ah yes, I see. The “Cn” made me think that it was an actual command doing something, rather than being something arbitrarily. But now I understand. Thanks for your response!