pierre
Posted October 6, 2017

Hello, I have been looking into blind SQL injection recently :)

In a login:pwd interface I entered a valid email username along with this as the password:

test'-SLEEP(5)#

Then I land in the account interface!! I don't get it at all.. Isn't blind SQLi supposed to guess the password by trying each letter, like:

test'-(SELECT * FROM (SELECT(SLEEP(20)))a)-'
test'-(SELECT * FROM (SELECT(SLEEP(20)))b)-'

?

Thanks :)

digininja
Posted October 6, 2017

Blind injection is where you don't get errors or other visible differences from your injection. There isn't a specific set of commands that should or shouldn't work.

pierre
Posted October 6, 2017

Ok, I should inspect the server side to know why my injection works.

digininja
Posted October 6, 2017

If you have access to the server code then analyse it to see what's happening and you should get some idea of where the vulnerability is.

i8igmac
Posted October 6, 2017 (edited)

You could enable 'display_errors = on' in your php.ini file... just close your eyes and type on your keyboard if you want to practice blind SQL injection.

As said by digininja, you don't see any data displayed on the page showing that an error exists or that data has been modified, due to the web application's design.

If you see your page sleep for 20 seconds and then display data, then this is how you prove the SQL injection exists. It may take multiple attempts to confirm the injection exists.

Like telling the server to ping your remote machine. TCP connect to a remote machine. Email a personal account.

Edited October 6, 2017 by i8igmac
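
Following digininja's advice to analyse the server code, this is an added example (not code from the thread or from the site being discussed) of the pattern to look for in a review and its hardened form. The table, column and function names and the sample account are assumptions, and SQLite stands in for the unknown database.

```python
import hashlib
import hmac
import os
import sqlite3

PAYLOAD = "test'-SLEEP(5)#"  # password value quoted in the thread


def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    # Constructed sample account; schema names are assumptions.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("user@example.com", salt, hash_pw("correct horse", salt)))
    return conn


def concatenated_sql(email: str, password: str) -> str:
    # Review finding: input is pasted into the SQL text, so a quote in the
    # password ends the string literal and the rest is parsed as SQL.
    return ("SELECT email FROM users WHERE email = '" + email +
            "' AND password = '" + password + "'")


def login(conn: sqlite3.Connection, email: str, password: str) -> bool:
    # Hardened form: the email is a bound parameter, and the password never
    # reaches the SQL layer; it is hashed and compared in application code.
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                       (email,)).fetchone()
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(hash_pw(password, salt), pw_hash)


def demo():
    conn = make_db()
    return (concatenated_sql("user@example.com", PAYLOAD),
            login(conn, "user@example.com", PAYLOAD),
            login(conn, "user@example.com", "correct horse"))


if __name__ == "__main__":
    print(demo())
```

The first element of the result shows the closing quote in the password terminating the literal in the concatenated statement; the other two show the same input being rejected as an ordinary wrong password once it is handled as data.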