20Eyl
Bypass PHP strtoupper() to perform SQL-injection on MySQL database?
I encountered a particularly weird situation where I have an SQL Injection vulnerability in the ORDER BY clause. The query is forged on backend and the injection payload is converted to upper case with the strtoupper() PHP function as can …
