I have an app, and the username field converts any given value to an integer using Integer.parseInt.
The app uses JSP and an Oracle database.
The URL has been tested with sqlmap and it is not dynamic, so the only way I can try is via the login form, but I could not bypass it.
But when I put ' or 1=1-- , the server returns the error "error for input string".
The app converts that to string. So how can it be done? I don't know whether I can use an alternate encoding because it will convert that to an integer anyway.
I am sorry, but I am completely confused, and as you have had no replies I am guessing so is everyone else.
All of the information you have provided seems so fragmented I have no idea what to make of it.
What is your actual problem? Are you getting an error message?
Sorry if my explanation is confusing. It is actually like this.
I have an application. It is on my localhost, and of course I have the source code. I want to do SQLi on that app. Based on the entry points for injecting code, I determined that the login form can be used.
The login form has 2 fields, username and password. The input given in the username field will be converted to an integer, so when I put the value " hi' OR 1=1-- " in the field, the server returns an error that says "error: for input string" because the value cannot be converted to an integer.
I don't have any idea how to do SQLi on that kind of login form.
I have tested the input parameter in the URL using sqlmap, and it looks like it is not injectable, but I still have not tried SQLi on that in depth.
Ahh, now I understand, but I don't have any experience, but...
It seems to me that by converting to an integer you are stopping the problem altogether; on the page I found explaining what SQLIA was, the examples use the password.
As a secondary question: are all usernames going to be numbers?
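What the reply above describes, as an added example that is not part of the thread or the poster's application: the username is accepted only if Integer.parseInt succeeds, and both fields are then bound as parameters so neither reaches the SQL text. The class name, the `users(user_id, password_hash)` table and the sample inputs are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.OptionalInt;

public class LoginCheck {

    // Returns the numeric user id, or empty when the input is not a plain
    // integer. Integer.parseInt throws NumberFormatException for null, "",
    // and any string containing quotes, spaces or SQL keywords.
    static OptionalInt parseUserId(String raw) {
        try {
            return OptionalInt.of(Integer.parseInt(raw));
        } catch (NumberFormatException e) {
            return OptionalInt.empty();
        }
    }

    // Hypothetical schema: users(user_id NUMBER, password_hash VARCHAR2).
    // The SQL text is a constant; user input is only ever bound to the
    // placeholders, so the password field gets the same protection that
    // the integer conversion gives the username field.
    static boolean credentialsMatch(Connection db, String rawUser,
                                    String passwordHash) throws SQLException {
        OptionalInt id = parseUserId(rawUser);
        if (!id.isPresent()) {
            return false; // reject without echoing the parser error to the client
        }
        String sql = "SELECT 1 FROM users WHERE user_id = ? AND password_hash = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setInt(1, id.getAsInt());
            ps.setString(2, passwordHash);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs; no database is needed for this part.
        String[] samples = {"1042", "hi' OR 1=1--", "", null};
        for (String s : samples) {
            System.out.println("[" + s + "] -> " + parseUserId(s));
        }
    }
}
```

Returning a generic failure instead of the raw "for input string" message also avoids telling the client which parsing step rejected the value.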
I am sorry Mrs Gibbons, my mistake. I am really, really sorry. I'll take that as a lesson for sure.
Yeah, it's true, a lot of pictures, but it is just for preview only. I want to do SQLIA but am still not able to do it.