Hackzzz - The Notebook

Blind SQL injection with time delays

https://portswigger.net/web-security/sql-injection/blind/lab-time-delays

Level: Practitioner

Increasing the dificulty this time.
Let's say a case when you don't get any of the past SQLi to work.
Well, try a SQL injection time based.

In the following I'm assuming that the SQL is a MySQL, but we don't get anything.
Try to guess the SQL.

Finally, I found that using a PostgreSQL sleep, the server waits my 5 seconds.
Now we know that the SQL is PostgreSQL and we need to do a time based SQLi to retrieve the contents.

Use the porswigger cheat sheet when you feel lost, is super useful.

PreviousBlind SQL injection with conditional responses NextBlind SQL injection with time delays and information retrieval

Last updated 1 year ago