hacking:sql_injection:mysql:blind_sql_injections
Differences
This shows you the differences between two versions of the page.
hacking:sql_injection:mysql:blind_sql_injections [2020/04/16 22:50] – peter | hacking:sql_injection:mysql:blind_sql_injections [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
---|---|---|---|
Line 21: | Line 21: | ||
===== Making Databases Wait / Sleep For Blind SQL Injection Attacks ===== | ===== Making Databases Wait / Sleep For Blind SQL Injection Attacks ===== | ||
- | First of all use this if it's really blind, otherwise just use 1/0 style errors to identify difference. Second, be careful while using times more than 20-30 seconds. database API connection or script can be timeout. | + | Use this if it's really blind, otherwise just use 1/0 style errors to identify difference. |
- | BENCHMARK() (M) | + | Be careful while using times more than 20-30 seconds; database API connection or script can be timeout. |
- | Basically, we are abusing this command to make MySQL wait a bit. Be careful you will consume web servers limit so fast! | + | <code sql> |
+ | BENCHMARK() | ||
+ | </ | ||
+ | |||
+ | Basically, we are abusing this command to make MySQL wait a bit. Be careful you will consume web servers limit so fast! | ||
<code sql> | <code sql> | ||
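Review bot: In the added warning lines, "database API connection or script can be timeout" should read "can time out", and "you will consume web servers limit so fast" does not say which resource is exhausted. BENCHMARK() evaluates an expression repeatedly, so the delay is paid in database CPU rather than idle waiting; state that explicitly so readers understand that repeated requests load the database server. The new code block also holds only `BENCHMARK()` and no longer carries the `(M)` marker the old line had; keep the marker or say in prose that this is MySQL-specific.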
Line 43: | Line 47: | ||
</ | </ | ||
+ | ---- | ||
+ | |||
+ | ===== Clear SQL Injection Tests ===== | ||
+ | |||
+ | These tests are simply good for blind sql injection and silent attacks. | ||
+ | |||
+ | <code sql> | ||
+ | product.asp? | ||
+ | product.asp? | ||
+ | product.asp? | ||
+ | |||
+ | product.asp? | ||
+ | product.asp? | ||
+ | product.asp? | ||
+ | product.asp? | ||
+ | </ | ||
+ | |||
+ | ---- | ||
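Review bot: The new "Clear SQL Injection Tests" section lists two groups of `product.asp?` examples separated by a blank line but never says what distinguishes the groups or what response each is expected to produce; add one sentence per group. The block is tagged `<code sql>` although its lines are request URLs, and the examples use `product.asp` on a page filed under mysql, so note whether they are meant to be database-agnostic. In the intro sentence, "sql injection" should be written "SQL injection" to match the heading.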
hacking/sql_injection/mysql/blind_sql_injections.1587077406.txt.gz · Last modified: 2020/07/15 09:30 (external edit)