Blind SQL Injections

blind SQL injections describe scenarios in which database responses are never returned and behaviour is inferred using either boolean- or time-based logic.

As an example, generic boolean-based blind SQL injections cause the application to return different and predictable values whenever the database query returns a TRUE or FALSE result, hence the "boolean" name. These values can be reviewed within the application context.

PayloadsAllTheThings/SQL Injection/README.md at master · swisskyrepo/PayloadsAllTheThingsGitHub

Blind SQLi Can be Time-based injection, Error-based injection, and Boolean-based.

Some examples payload:

http://$IP/testing.php?user=offsec' AND IF (1=1, sleep(3),'false') -- //

Paste the above URL in the browser.

If it works then your browser will hang for 3 seconds.

PreviousUnion Based SQLi NextPayload for RCE

Last updated 1 year ago