SQL Injection without commas

While code reviewing a PHP web application last weekend I was happy to find a SQL injection vulnerability quickly in a search function. it was a time-based one and verified with a simple sleep() command So I decided to launch SQLmap to automate the rest of the exploitation part, However turned out things did not […]