Time based Blind SQL Injection
Thilan Dissanayaka Application Security Feb 13, 2020

Time based Blind SQL Injection

Blind SQL Injection happens when:

There is a SQL injection vulnerability,

BUT the application does not show any SQL errors or query outputs directly.

In this case, an attacker has to ask questions to the database and observe how the server behaves to extract information bit by bit.

There are two main types:

Boolean-based blind SQLi (based on true/false responses)

Time-based blind SQLi (based on delay in server response)

When the server behaves the same way for both True and False, we use Time delays to detect it!

Example:

Inject:

bash Copy Edit http://victim.com/product.php?id=5' AND IF(1=1, SLEEP(5), 0) -- If the server pauses for 5 seconds, 1=1 condition is true.

Inject:

bash Copy Edit http://victim.com/product.php?id=5' AND IF(1=2, SLEEP(5), 0) -- If no delay, then 1=2 condition is false.

Thus, based on the response time, we infer the truth of the injected statement.

Similarly, we can extract one character at a time by checking:

sql Copy Edit IF(SUBSTRING(database(),1,1)='a', SLEEP(5), 0)

ALSO READ
Exploiting a Stack Buffer Overflow on Linux
Apr 01 Exploit development
Exploiting a Stack Buffer Overflow on Linux

Have you ever wondered how attackers gain control over remote servers? How do they just run some exploit and compromise a computer? If we dive into the actual context, there is no magic happening....

Bypassing DEP with Return-to-libc
Apr 05 Exploit development
Bypassing DEP with Return-to-libc

DEP makes the stack non-executable — our shellcode can't run. The simplest bypass? Don't inject code at all. Instead, call functions that already exist in libc. In this post, we exploit a stack overflow to call system('/bin/sh') without writing a single byte of shellcode.

SQL Injection Login Bypass
Feb 10 Application Security
SQL Injection Login Bypass

SQL Injection (SQLi) is one of the oldest and most fundamental web application vulnerabilities. While modern frameworks have made it harder to introduce, understanding SQL injection is essential for anyone learning web security. In this post, we'll break it down from the ground up using a classic login bypass.

Common Web Application Attacks
Feb 05 Application Security
Common Web Application Attacks

Web applications are one of the most targeted surfaces by attackers. This is primarily because they are accessible over the internet, making them exposed and potentially vulnerable. Since these...

Exploiting a Stack Buffer Overflow on Windows
Apr 12 Exploit development
Exploiting a Stack Buffer Overflow on Windows

In a previous tutorial we discusses how we can exploit a buffer overflow vulnerability on a Linux machine. I wen through all theories in depth and explained each step. Now today we are going to jump...

Exploiting a format string vulnerebility on Linux
Apr 12 Exploit development
Exploiting a format string vulnerebility on Linux

A misused printf can leak stack contents, read arbitrary memory, and write to arbitrary addresses. Format string vulnerabilities are one of the most powerful bug classes in C and they're the key to defeating ASLR. In this post, we exploit printf from leak to shell.

AUTHOR
Thilan Dissanayaka

Thilan Dissanayaka

Security Engineer at WSO2. Passionate about clean code and cybersecurity. Building secure, scalable applications with modern technologies.

CATEGORIES