{"id":2829,"date":"2013-11-01T14:22:17","date_gmt":"2013-11-01T14:22:17","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2013\/11\/01\/blind-sql-injection-through-an-excel-spread-sheet\/"},"modified":"2025-07-29T15:07:33","modified_gmt":"2025-07-29T14:07:33","slug":"blind-sql-injection-through-an-excel-spread-sheet","status":"publish","type":"post","link":"https:\/\/dionach.development-visionsharp.co.uk\/en-us\/blind-sql-injection-through-an-excel-spread-sheet\/","title":{"rendered":"Blind SQL injection through an Excel spread sheet"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2829\" class=\"elementor elementor-2829\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-af83a1e elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"af83a1e\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-4ccebc35\" data-id=\"4ccebc35\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-59524ee2 elementor-widget elementor-widget-text-editor\" data-id=\"59524ee2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In a recent penetration test that I carried out, I faced an unusual form of SQL injection that fortunately (for me!) let me gain access to sensitive data in the backend database. I would like to share how I found this and exploited it with you. 
After doing the typical information gathering phase of the penetration test, I noticed that \u201cdirb\u201d (a command line alternative to DirBuster) had flagged a couple of interesting files as accessible (see Table 1). These files seemed to belong to the admin panel of the website, and thus they should not have been accessible unless you had the right privileges.<\/p>\n<p><code>https:\/\/victim\/manager\/do.php<br>https:\/\/victim\/manager\/do2.php<\/code><\/p>\n<p>Table 1 &#8211; Files found by dirb.<\/p>\n<p>I double checked that both files were actually accessible by browsing directly to the given URLs, and to my surprise I found what looked like an upload form.<\/p>\n<p><img decoding=\"async\" alt=\"Uploading Form\" src=\"\/wp-content\/uploads\/files\/1.jpg\" style=\"width: 557px; height: 100px;\"><\/p>\n<p>Image 1 \u2013 Upload form.<\/p>\n<p>As shown in Image 1, the application seemed to accept only Excel files. It didn\u2019t seem possible to upload script files and get a remote shell (not through lack of trying), so I decided to put all my efforts into finding out what kind of Excel file the application was expecting and seeing if I could take advantage of it. I tried creating a very basic Excel file, with just one row and a few cells with some random content in them, but it didn\u2019t work. I thought that if it was expecting an Excel file it should be parsing it and then inserting the contents into the database, so it might be some sort of bulk import functionality. Usually when dealing with bulk import, the application uses a standard format like CSV (Comma-Separated Values) or some variation of it. The common thing about all these formats is that most of them use the first row as a header, which gives the names of the fields to be read from the rows below it. 
An example is shown in the following table.<\/p>\n<table border=\"1\" style=\"width:210px;\">\n<tbody>\n<tr>\n<th>Piece ID<\/th>\n<th>Price<\/th>\n<th>Description<\/th>\n<\/tr>\n<tr>\n<td>123456<\/td>\n<td>25<\/td>\n<td>RAM &#8211; 2Mb<\/td>\n<\/tr>\n<tr>\n<td>123457<\/td>\n<td>89<\/td>\n<td>Graphic Card<\/td>\n<\/tr>\n<tr>\n<td>&#8230;<\/td>\n<td>&#8230;<\/td>\n<td>&#8230;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 2 \u2013 Example of CSV-like format.<\/p>\n<p>In the example we can see how the file contains a first row with three columns, each of which names a field that will later be read. Below that first row are the actual values that will be parsed and inserted into the database. With this in mind, I thought it would be worth trying a similar structure for my Excel file, and\u2026 it worked!<\/p>\n<p><img decoding=\"async\" alt=\"Valid Upload\" src=\"\/wp-content\/uploads\/files\/2.jpg\" style=\"width: 311px; height: 125px;\"><\/p>\n<p>Image 2 \u2013 Message after a successful Excel file upload.<\/p>\n<p>After some testing I came to the conclusion that the application just needed an Excel file with a header row with two fields (the name of each field did not actually matter, as long as both were there), followed by a number of rows with the actual values to be parsed and inserted into the database.<\/p>\n<table border=\"1\" style=\"width:115px;\">\n<tbody>\n<tr>\n<th>Field 1<\/th>\n<th>Field 2<\/th>\n<\/tr>\n<tr>\n<td>Value 1<\/td>\n<td>Value 2<\/td>\n<\/tr>\n<tr>\n<td>&#8230;<\/td>\n<td>&#8230;<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 3 \u2013 Example of an accepted Excel file.<\/p>\n<p>Curiously enough, if I tried to upload exactly the same file again, without modifying any of the fields (the values, that is; the header does not matter here), I got a different message, shown in the image below. 
Although at that moment I didn\u2019t give it the importance it deserved, this would turn out to be a key factor; I\u2019ll come back to it in a minute.<\/p>\n<p><img decoding=\"async\" alt=\"Duplicate Upload\" src=\"\/wp-content\/uploads\/files\/3.jpg\" style=\"width: 290px; height: 130px;\"><\/p>\n<p>Image 3 \u2013 Message after a duplicated Excel file upload.<\/p>\n<p>After playing with the upload form for a while, I was somewhat stuck. I had credentials for the admin panel, but I did not want to use them: I wanted to keep it as real as possible. A real attacker would not have access to the admin panel, so I wouldn\u2019t either. While thinking about what I could possibly do with this, I thought it would be worth entering a harmless single quote in one of the values, for example in the second field, something like \u201cValue2\u2019\u201d. To my surprise this returned the same error message as the one shown in Image 3. Interestingly, it looked like the single quote was breaking the SQL query used in the back-end to insert new values. A SQL injection through an Excel spreadsheet used to import data in bulk: this was going to be different! Once my initial happiness was gone I was ready to get my hands dirty, so I started thinking about a valid approach to exploiting this specific SQL injection. A very important nuance is that the values read from the Excel file were used in an INSERT statement, which cuts down the exploitation methods. And to make things even worse, I was probably injecting into the last parameter of the INSERT clause, reducing my chances of exploitation even further. Let me explain why:<\/p>\n<p><code>INSERT INTO Table_name (Field1, Field2) VALUES ('+ Value1_from_XLS +','+ Value2_from_XLS +'); <\/code><\/p>\n<p>The piece of code above is my idea of what the SQL query they were using looked like. As mentioned before, I was injecting into the last part of that query, more precisely where it says \u201cValue2_from_XLS\u201d. 
That meant that, apart from having to exploit the SQL injection in an INSERT clause (not as usual, and not as easy as in a SELECT statement), I had to do it by crafting a request that didn\u2019t break the syntax of the INSERT clause while still doing something useful for me, and the fact that the injection point was the last parameter did not help at all! But hold on, why not use the first parameter (Value1), so you can close it with a single quote and then use the second field of the clause to insert something useful that hopefully you can later retrieve? Well, I wondered the same thing, so I proceeded to use the first value to carry on with the exploitation, but&#8230; it did not work! Yeah, you read that right, it did NOT work! I was not able to craft a single request that injected my own SQL code and at the same time did not break the original query. After giving it some thought, going for a walk, doing some push ups, asking my colleagues and listening to Justin Bieber to get some inspiration\u2026 something crossed my mind. 
I told myself \u201cWhy is it giving me a different message if I use exactly the same values in two consecutive uploads?\u201d And I answered myself with something like \u201cWell, maybe it is because it is doing some sort of verification to ensure that there are no duplicate entries in the database; it sounds reasonable after all, right?\u201d So with this in mind, I drafted some quick pseudo-code of what, in theory, the application was doing in the back-end:<\/p>\n<p><code>q1 = SELECT * FROM Table_name WHERE Field1='+ Value1_from_XLS +';<br>if (q1 &gt; 0) already exists<br>else q2 = INSERT INTO Table_name (Field1, Field2) VALUES ('+ Value1_from_XLS +','+ Value2_from_XLS +');<\/code><\/p>\n<p>If my theory was correct I could use the first field as the injection point in a SELECT statement and take advantage of the two different messages shown by the application to perform a strange form of blind SQL injection. To prove my theory I crafted two different Excel files, one that would force the WHERE condition of the SELECT to evaluate as true, and one that would do the opposite. To do this all I had to do was use a value that did not exist in the database, and combine it with an OR condition that I could modify to my needs:<\/p>\n<table border=\"1\" style=\"width:220px;\">\n<tbody>\n<tr>\n<th>Field 1<\/th>\n<th>Field 2<\/th>\n<\/tr>\n<tr>\n<td>invalidValue' OR 1=1<\/td>\n<td>NotImportant<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 4 \u2013 Overall evaluation of TRUE<\/p>\n<table border=\"1\" style=\"width:220px;\">\n<tbody>\n<tr>\n<th>Field 1<\/th>\n<th>Field 2<\/th>\n<\/tr>\n<tr>\n<td>invalidValue' OR 1=2<\/td>\n<td>NotImportant<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Table 5 \u2013 Overall evaluation of FALSE<\/p>\n<p>I crossed my fingers, tested both Excel files, and\u2026 it worked! After all my efforts, and with almost the whole day gone, I had a shiny working SQL injection. 
The next morning, with a fresh mind, I successfully retrieved some sample data to show the client in the report (I won\u2019t go through the details, as they are out of the scope of this post). Note that although the XLS format is encoded and full of clutter, you can still see the raw strings of your data, so with the help of Burp Intruder the process was not too painful. To conclude: while carrying out a penetration test, and as shown in this post, you can find vulnerabilities anywhere. Sometimes it will be easier and sometimes it will be tougher, just don\u2019t give up! Antonio.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>In a recent penetration test that I carried out, I faced an unusual form of SQL injection that fortunately (for me!) let me gain access to sensitive data in the backend database. I would like to share how I found this and exploited it with you. 
","protected":false}}
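As an added illustration (not code from the original post or from the application it describes), the following Python/sqlite3 model implements the back-end logic the post drafts in pseudo-code twice: once by string concatenation, as the post hypothesises, and once with bound parameters. The message strings, the seed row and the upload values are constructed here; the two Field 1 inputs that play the role of Tables 4 and 5 are written so they parse against the trailing quote of the post's own pseudo-query (`'a'='a` and `'a'='b`), since the post does not show how the real query was terminated. The concatenating version answers those two uploads with different messages, which is the oracle the post describes; the parameterised version stores every cell as literal data and answers them identically.

```python
"""Model of a bulk-import back end with a duplicate check followed by an INSERT.
Constructed for illustration; it is not the code of the application in the post."""
import sqlite3

ALREADY_EXISTS = "Record already exists"   # constructed; stands in for the Image 3 message
IMPORTED = "File imported successfully"    # constructed; stands in for the Image 2 message


def make_db() -> sqlite3.Connection:
    """Fresh in-memory table shaped like the post's Table_name(Field1, Field2),
    seeded with the Table 3 row so a duplicate upload has something to collide with."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Table_name (Field1 TEXT, Field2 TEXT)")
    con.execute("INSERT INTO Table_name VALUES ('Value 1', 'Value 2')")
    con.commit()
    return con


def import_row_vulnerable(con: sqlite3.Connection, value1: str, value2: str) -> str:
    """The post's hypothesised logic, with cell contents concatenated into SQL.
    Any SQL error is reported as the duplicate message (an assumption that matches the
    post's observation that a stray quote produced the same message as a duplicate)."""
    try:
        q1 = "SELECT * FROM Table_name WHERE Field1='" + value1 + "'"
        if con.execute(q1).fetchall():
            return ALREADY_EXISTS
        q2 = ("INSERT INTO Table_name (Field1, Field2) VALUES ('"
              + value1 + "','" + value2 + "')")
        con.execute(q2)
        con.commit()
        return IMPORTED
    except sqlite3.Error:
        return ALREADY_EXISTS


def import_row_fixed(con: sqlite3.Connection, value1: str, value2: str) -> str:
    """Same behaviour with every spreadsheet cell bound as a parameter, so cell
    contents can never become SQL syntax and no condition can be injected."""
    found = con.execute("SELECT 1 FROM Table_name WHERE Field1 = ?", (value1,)).fetchone()
    if found:
        return ALREADY_EXISTS
    con.execute("INSERT INTO Table_name (Field1, Field2) VALUES (?, ?)", (value1, value2))
    con.commit()
    return IMPORTED


# Constructed uploads: the Table 3 row again, the stray single quote from the post,
# and a true/false pair in Field 1 standing in for Tables 4 and 5.
UPLOADS = {
    "duplicate":   ("Value 1", "Value 2"),
    "stray_quote": ("Value 1b", "Value2'"),
    "cond_true":   ("invalidValue' OR 'a'='a", "NotImportant"),
    "cond_false":  ("invalidValue' OR 'a'='b", "NotImportant"),
}


def run_scenario(import_row) -> dict:
    """Replays UPLOADS in order against one import function and records the message
    each upload produced, the final row count and the Field1 values actually stored."""
    con = make_db()
    result = {name: import_row(con, v1, v2) for name, (v1, v2) in UPLOADS.items()}
    result["rows"] = con.execute("SELECT COUNT(*) FROM Table_name").fetchone()[0]
    result["field1_values"] = [
        row[0] for row in con.execute("SELECT Field1 FROM Table_name ORDER BY rowid")
    ]
    return result


def leaks_oracle(import_row) -> bool:
    """True when two uploads that differ only in an injected condition get different
    answers, i.e. when the duplicate check can be used as a blind true/false oracle."""
    r = run_scenario(import_row)
    return r["cond_true"] != r["cond_false"]


if __name__ == "__main__":
    for fn in (import_row_vulnerable, import_row_fixed):
        print(fn.__name__, run_scenario(fn), "oracle:", leaks_oracle(fn))
```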