Time based SQL Injection Blind

In the time based, we rely on the time the webserver takes to send a response back to us. We can define a number of seconds in the SQL query that if the server takes the same time to respond, we conclude that it's vulnerable to SQL injection.


As you know first we aim to find the number of columns. Then an example payload is the one below


If the above one took 5 seconds of the webserver to respons, we knew then we have two columns. This means your criteria of a correct query is the time you defined with the [sleep] function.

Last updated