AXIONSECURITY

SQLi

Blind Time-based

Time-based Blind SQL Injection is a variant of SQL Injection where the attacker is unable to directly view the results of a query, but can infer information based on the time it takes for the database to respond. This technique relies on introducing deliberate delays in the database query to gather useful information.

How Time-based Blind SQLi Works

In Time-based Blind SQL Injection, the attacker sends SQL queries that force the database to wait for a certain period before responding. The attacker can then determine whether the query was true or false by observing the response time. By repeating this process with different queries, they can infer valuable information about the database.

Example Scenario:

  1. Injection: The attacker inputs a SQL payload into an input field, such as a login form or search box.
  2. Delay: The malicious payload instructs the database to delay the response for a specified period, depending on whether a condition is true.
  3. Observation: The attacker measures the response time of the page to determine the truth value of the injected condition.

Let's consider a vulnerable login form:

<form action="/login" method="POST"> <input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" value="Login" /> </form>

If the attacker tries the following payload in the username field:

' OR IF(1=1, SLEEP(5), 0) --

The query will cause a 5-second delay if the condition 1=1 is true (which it is), indicating the vulnerability. If the attacker instead uses:

' OR IF(1=2, SLEEP(5), 0) --

The page will load immediately, indicating that the condition was false.

Performing these attacks on systems without permission is illegal. Always obtain proper authorization before testing for vulnerabilities.

Previous

Error-Based

Next

Union-Based

On this page