Some web pages are written in a way in which no data is actually presented on a web page, including errors and database data. In this case, we need to exploit the MySQL
substring() functions to perform true or false operations. We can use these functions with the
sleep() MySQL function and check the response time from the server for each query. If we creatively tell the server to
sleep() on returning
true, we know that our query was successful. This is time-based blind SQL injection in its simplest form. This method might not always be the most reliable one in some circumstances, since the returned result relies on a lot of moving parts, which could throw off the reading of time, such as the network, server ...