Showing posts from April, 2021

Exfiltrate data from Blind SQL Injection (Boolean Based) | Using Scripting

Hey guys, we all know what SQLi is and we also know Blind SQLi, but here we will talk about how to exfiltrate data using Blind SQLi (Boolean based).

Boolean Based: this type relies on True and False. We ask whether an item exists and the application answers with Yes or No.

We will try this attack on a vulnerable login page. The following screenshot is a simple login request. We can start by trying a list of payloads such as:

' or '1'='1
'or'1'='1'%23
'or''=''--

We also tried these payloads with double quotes, but that did not work. We can guess how the function works: it takes the username and password and checks the result from the database by executing a query like

SELECT * FROM users WHERE username='$uname' AND pass='$pass'

The variables contain the user input, so the query returns the user's info from the DB, and the application can check the number of rows that come back in the result. So the above query will return