{"id":2921,"date":"2018-05-01T23:00:00","date_gmt":"2018-05-01T22:00:00","guid":{"rendered":"https:\/\/dn-www.azurewebsites.net\/2018\/05\/01\/fun-with-sql-injection-using-unicode-smuggling\/"},"modified":"2022-10-25T10:50:21","modified_gmt":"2022-10-25T09:50:21","slug":"fun-with-sql-injection-using-unicode-smuggling","status":"publish","type":"post","link":"https:\/\/dionach.com\/nl\/fun-with-sql-injection-using-unicode-smuggling\/","title":{"rendered":"Fun with SQL Injection using Unicode Smuggling"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2921\" class=\"elementor elementor-2921\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-6e4dcb36 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"6e4dcb36\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-16b4bfee\" data-id=\"16b4bfee\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-329b57cb elementor-widget elementor-widget-text-editor\" data-id=\"329b57cb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server.<\/p>\n<p>First off, identifying the SQL injection was trivial, our good old friend, the single quote, helped me with this. 
The response below is what the website returned when a single quote was sent via the vulnerable parameter:<\/p>\n<pre>{\n\n\"$id\": \"1\",\n\n\"HasError\": true,\n\n\"Error\": \"<strong>Cannot insert duplicate key row in<\/strong> object 'dbo.AddressType' with unique index 'UX_AddressType_Name'. The duplicate key value is (test').\n\n<strong>insert into&nbsp; AddressType (Name,IsInUse,SystemRequired) values&nbsp; ('test''',<\/strong>\n\ninsert into&nbsp; AddressType (Name,IsInUse,SystemRequired) values&nbsp; ('test''',0,\\r\\n insert into&nbsp; AddressType (Name,IsInUse,SystemRequired) values&nbsp; ('test''',0,0)\\r\\nThe statement has been terminated.\",\n\n\"ErrorCode\": 998\n\n}\n<\/pre>\n<p>One thing to note from the error message above is that the single quote in the payload is being doubled, so it seemed as if the developers decided to replace every single quote with two single quotes.<\/p>\n<p>This was quite suspicious, so after doing some research, I found a very old technique from 2007 called Unicode Smuggling (<a href=\"https:\/\/www.owasp.org\/images\/d\/d4\/OWASP_IL_2007_SQL_Smuggling.pdf\">https:\/\/www.owasp.org\/images\/d\/d4\/OWASP_IL_2007_SQL_Smuggling.pdf<\/a>). The idea is simple and is used in many other types of attack; you send a Unicode character similar to the character being blacklisted (in this case replaced), and if you are lucky it will get converted into what you actually wanted to send. 
In this case, we have the Unicode character U+02BC (\u02bc) that can be used for this type of attack, so I gave it a go with the following payload:<\/p>\n<pre>[\u2026]\n\n<strong>\"columnValue\": \"SQLi\u02bc,0,0);WAITFOR DELAY \u02bc0:0:10\u02bc;--\"<\/strong>\n\n[\u2026]\n<\/pre>\n<p>And the response from the server, with the time of the response highlighted in green, was as shown below:<\/p>\n<p><img decoding=\"async\" style=\"width: 800px; height: 417px;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/sql1.jpg\" alt=\"\"><\/p>\n<p>After this, and to my surprise, I verified that the database user had sysadmin permissions on the Microsoft SQL Server 2016 database, which meant that after a couple more requests I enabled our good old friend &#8220;xp_cmdshell&#8221; and had a basic shell on the server.<\/p>\n<p>As lucky as I was, I ran into issues with the payload size, which made it really difficult to run useful commands. After trying a few different techniques to exfiltrate data via DNS requests and other esoteric options, I figured out a somewhat elegant way of delivering longer payloads without running into the length issue that I mentioned before, by breaking down exploitation as detailed below:<\/p>\n<ol>\n<li>I created a new temporary table:<\/li>\n<\/ol>\n<p><img decoding=\"async\" style=\"width: 561px; height: 338px;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/sql2.jpg\" alt=\"\"><\/p>\n<p><img decoding=\"async\" style=\"width: 800px; height: 333px;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/sql3.jpg\" alt=\"\"><\/p>\n<ol>\n<li value=\"2\">Stored the results of &#8220;xp_cmdshell&#8221; in it:<\/li>\n<\/ol>\n<p><img decoding=\"async\" style=\"width: 800px; height: 332px;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/sql4.jpg\" alt=\"\"><\/p>\n<ol>\n<li value=\"3\">Then I used the vulnerable SQL query to read the output from the previous table. 
As I am quite lazy, and didn\u2019t want to have to make another request to read the results, I forced a casting error, so I could read the output of the payload directly!<\/li>\n<\/ol>\n<p><img decoding=\"async\" style=\"width: 616px; height: 242px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/sql5.jpg\" alt=\"\"><\/p>\n<p><img decoding=\"async\" style=\"width: 651px; height: 517px; border-width: 1px; border-style: solid;\" src=\"\/wp-content\/uploads\/files\/sites\/other\/files\/sql6.jpg\" alt=\"\"><\/p>\n<p>As you can see, by combining some well-known but not common bypasses with some imagination, it&#8217;s still possible to have good fun with SQL injection!<\/p><p><br><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and then some imagination to fully exploit it and get command execution on the vulnerable server. 
First off, identifying the SQL injection was trivial, our good old friend, the single quote, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":8999,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[207],"class_list":["post-2921","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-researchblog","tag-web_applications","wpbf-post"],"contentshake_article_id":"","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Fun with SQL Injection using Unicode Smuggling<\/title>\n<meta name=\"description\" content=\"During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/dionach.com\/nl\/fun-with-sql-injection-using-unicode-smuggling\/\" \/>\n<meta property=\"og:locale\" content=\"nl_NL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Fun with SQL Injection using Unicode Smuggling\" \/>\n<meta property=\"og:description\" content=\"During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/dionach.com\/nl\/fun-with-sql-injection-using-unicode-smuggling\/\" \/>\n<meta property=\"og:site_name\" content=\"Dionach\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dionachcyber\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-01T22:00:00+00:00\" \/>\n<meta 
property=\"article:modified_time\" content=\"2022-10-25T09:50:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2018\/05\/sql.jpg?fit=767%2C384&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"767\" \/>\n\t<meta property=\"og:image:height\" content=\"384\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Dionach Admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:site\" content=\"@dionachcyber\" \/>\n<meta name=\"twitter:label1\" content=\"Geschreven door\" \/>\n\t<meta name=\"twitter:data1\" content=\"Dionach Admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Geschatte leestijd\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minuten\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/\"},\"author\":{\"name\":\"Dionach Admin\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/person\\\/e73f3537233924cf4944f7807068b3c8\"},\"headline\":\"Fun with SQL Injection using Unicode 
Smuggling\",\"datePublished\":\"2018-05-01T22:00:00+00:00\",\"dateModified\":\"2022-10-25T09:50:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/\"},\"wordCount\":538,\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/sql.jpg?fit=767%2C384&ssl=1\",\"keywords\":[\"web applications\"],\"articleSection\":[\"researchblog\"],\"inLanguage\":\"nl-NL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/\",\"url\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/\",\"name\":\"Fun with SQL Injection using Unicode Smuggling\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/sql.jpg?fit=767%2C384&ssl=1\",\"datePublished\":\"2018-05-01T22:00:00+00:00\",\"dateModified\":\"2022-10-25T09:50:21+00:00\",\"description\":\"During a recent test, I ran into a curious SQL injection vulnerability that required some old but still valid tricks to bypass certain restrictions, 
and\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#breadcrumb\"},\"inLanguage\":\"nl-NL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/sql.jpg?fit=767%2C384&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/dionach.com\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/sql.jpg?fit=767%2C384&ssl=1\",\"width\":767,\"height\":384},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/fun-with-sql-injection-using-unicode-smuggling\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/dionach.com\\\/nl\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Fun with SQL Injection using Unicode Smuggling\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#website\",\"url\":\"https:\\\/\\\/dionach.com\\\/nl\\\/\",\"name\":\"Dionach\",\"description\":\"Real Security in a Virtual 
World\",\"publisher\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/dionach.com\\\/nl\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"nl-NL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#organization\",\"name\":\"Dionach\",\"url\":\"https:\\\/\\\/dionach.com\\\/nl\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dionach.com\\\/wp-content\\\/uploads\\\/2025\\\/02\\\/cropped-Dionach-vertical-col-yel-nomios-black-1.jpg\",\"width\":512,\"height\":512,\"caption\":\"Dionach\"},\"image\":{\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/dionachcyber\",\"https:\\\/\\\/x.com\\\/dionachcyber\",\"https:\\\/\\\/uk.linkedin.com\\\/company\\\/dionach-ltd\",\"https:\\\/\\\/www.instagram.com\\\/dionachcyber\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/dionach.com\\\/nl\\\/#\\\/schema\\\/person\\\/e73f3537233924cf4944f7807068b3c8\",\"name\":\"Dionach 
Admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"nl-NL\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/3061726a64a760303f6ea8f0976d3e8e0a6997b4da543be9a650b81584b4e79e?s=96&d=mm&r=g\",\"caption\":\"Dionach Admin\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","jetpack_featured_media_url":"https:\/\/i0.wp.com\/dionach.com\/wp-content\/uploads\/2018\/05\/sql.jpg?fit=767%2C384&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/ph4Ojq-L7","_links":{"self":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2921","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/comments?post=2921"}],"version-history":[{"count":0,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/posts\/2921\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/media\/8999"}],"wp:attachment":[{"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/media?parent=2921"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/categories?post=2921"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dionach.com\/nl\/wp-json\/wp\/v2\/tags?post=2921"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}