October 2016
Beginner to intermediate
650 pages
14h 43m
English
Sometimes, life hands you lemons; blind SQL Injection points are some of those lemons. When you're reasonably sure you've found an SQL Injection vulnerability but there are no errors and you can't get it to return your data, in these situations you can use timing commands within SQL to cause the page to pause in returning a response and then use that timing to make judgments about the database and its data.
We will create a script that makes requests to the server and returns differently timed responses, depending on the characters it's requesting. It will then read those times and reassemble strings.
The script is as follows:
import requests times = [] print “Kicking off the attempt” cookies = {'cookie ...Read now
Unlock full access