Fun with SQL Injection using Unicode Smuggling
During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. First off, identifying the SQL injection was trivial, our good