Posted

Hello,

I have been looking into blind SQL injection recently :)

Indeed, in a login:pwd interface I entered a correct mail username along with this as a password:

test'-SLEEP(5)#

Then I land in the account interface!! I don't get it at all..

Isn't blind SQLi supposed to guess the password by trying each letter, like:

test'-(SELECT * FROM (SELECT(SLEEP(20)))a)-'

test'-(SELECT * FROM (SELECT(SLEEP(20)))b)-'

?

Thanks :)

Posted

Blind injection is where you don't get errors or other visible differences from your injection. There isn't a specific set of commands that should or shouldn't work.

Posted

If you have access to the server code then analyse it to see what's happening and you should get some idea of where the vulnerability is.

Posted (edited)

You could enable 'display_errors = on' in your php.ini file...

Just close your eyes and type on your keyboard if you want to practice blind SQL injection.

As said by digninja, you don't see any data displayed on the page showing that an error exists or that data has been modified, due to the web application's design.

If you see your page sleep for 20 seconds and then display data, then this is how you prove SQL injection exists.

It may take multiple attempts to confirm injection exists.

Like telling the server to ping your remote machine, TCP connect to a remote machine, or email a personal account.

Edited by i8igmac
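
The timing signal described in this thread can also be watched for from the defending side. The following is an added example, not code from any poster: it flags requests whose form fields contain a SLEEP(n) call and separates those where the response really took at least n seconds (the database ran the delay, so that endpoint is injectable) from those where it did not. The record layout, addresses and field names are constructed, and it assumes the detector can see request bodies and response times (for example from a WAF audit log).

```python
import re
from urllib.parse import parse_qsl

# SLEEP(n) as used in the thread's payloads, including nested forms such as
# SELECT(SLEEP(20)). Only the delay function seen on the page is covered.
SLEEP_RE = re.compile(r"sleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)

def classify(body: str, elapsed: float) -> str:
    """Return 'clean', 'attempt' (payload seen, no matching delay) or
    'confirmed' (response took at least as long as the requested delay)."""
    delays = [float(m.group(1))
              for _, value in parse_qsl(body, keep_blank_values=True)
              for m in SLEEP_RE.finditer(value)]
    if not delays:
        return "clean"
    return "confirmed" if elapsed >= min(delays) else "attempt"

def scan(records):
    """Group non-clean verdicts by (client, path), in request order."""
    findings = {}
    for client, path, body, elapsed in records:
        verdict = classify(body, elapsed)
        if verdict != "clean":
            findings.setdefault((client, path), []).append(verdict)
    return findings

# Constructed sample records: (client, path, urlencoded body, seconds elapsed).
SAMPLE = [
    ("203.0.113.7", "/login", "mail=user%40example.test&pwd=hunter2", 0.12),
    ("203.0.113.7", "/login",
     "mail=user%40example.test&pwd=test%27-SLEEP%285%29%23", 5.21),
    ("203.0.113.7", "/login",
     "mail=user%40example.test&pwd=test%27-%28SELECT+*+FROM+"
     "%28SELECT%28SLEEP%2820%29%29%29a%29-%27", 0.15),
    # Slow but harmless: "sleepy" is not a SLEEP(...) call.
    ("198.51.100.4", "/login", "mail=sleepy%40example.test&pwd=x", 6.0),
]

if __name__ == "__main__":
    for key, verdicts in scan(SAMPLE).items():
        print(key, verdicts)
```

A "confirmed" verdict means the parameter reached the database as SQL, so that endpoint's query needs to be parameterized regardless of what else the request did.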
