Meitoka blog
  • 👋About Me
  • ☢️Malware Development (crow)
    • Process, Thread & Handler
  • 🚩TryHackMe stuffs
    • Walkthroughs
      • 🔟OWASP Top 10
      • SSRF
      • Buffer Overflow
    • Challenges (CTF)
      • ♟️Publisher
      • 🐰Wonderland
  • 🌋VULNLAB
    • Machines
      • 🐈Baby
      • 🎧Data
  • 🧠LEARNING
    • 💉SQLi
      • 📜SQLmap quick cheat sheet
      • ➡️In-Band SQLi
      • Inferential (Blind) SQL Injection
      • ⚠️SQLi warning
Powered by GitBook
On this page
  1. LEARNING
  2. SQLi

Inferential (Blind) SQL Injection

Boolean-Based

Boolean-based SQL Injection refers to the response we receive from our injection attempts, which could be a true/false, yes/no, on/off, 1/0 or any response that can only have two outcomes.

The goal of this method is to use the ... like '%';-- to find database, tables, columns and after it, and potential username and password.

Example:

admin123' UNION SELECT 1,2,3 from users where username='admin' and password like 'a%

Time-Based

Same than Boolean-Based but without visual indicator. So, The indicator will be based on the time the query takes to complete. To perform it, we use the built-in method SLEEP(x) alongside the UNION statement.

The SLEEP() method will only ever get executed upon a successful UNION SELECT statement.

Example:

admin123' UNION SELECT SLEEP(5),2 where database() like 'u%';--
PreviousIn-Band SQLiNextSQLi warning

Last updated 1 month ago

🧠
💉
  • Boolean-Based
  • Time-Based