Blind SQL injection with time delays and information retrieval
https://portswigger.net/web-security/sql-injection/blind/lab-time-delays-info-retrieval
Level: Practitioner
Now that we know how to detect a time based SQLi, let's retrieve information from it.
So here with this query we are saying that if the first character of the password column is "a" wait/sleep 5 seconds, if not respond immediately.
Here is another python script to make easier the job:
Just wait for the password to retrieve.
Last updated