Suppose the website is written in PHP which disables multiple statements. If the query looks like this:
Select id From TableX Where num = >userInput<
Is it impossible to Update or Delete record by SQL Injection? Is it possible to get the content from another table, like tableB, which may not be union-compatible?
Thanks in advance.
userInput = -1 union select GetCharCode(SomeStringField, CharPosition) from SomeTable where SomeCondition, where GetCharCode returns the code of character in CharPosition of SomeStringField (you need to write some DB-specific code there) will help you to get the value of SomeStringField by looping through possible CharPositions, and thus bypass the problem of tableB not being "union-compatible".
I am curious about questions like "How to inject", "How to break in", "How to steal some info", implying getting step by step instructions - are such questions welcome on this site or not?