14 responses to “Basic BLIND mySQL Injection Tutorial”
I need to do blind SQLi for a challenge for school. This helped a lot. Thank you.
What would I do if the website has a blind SQL but has no id=1 or any sort of number at the end or .php?
Nice bro… keep doing video like..
Thanks a lot man, I was stuck on a wargame site and my blind sqli skillz were.. underdeveloped at best, this helped me out greatly! Checking for a 15 character password wasn't fun though 😉
ID=x, x can be every number.
There are also other kinds of attacks to hack into websites. Like XSS, LFI and RFI.
If you contact them and tell them it's vulnerable then it's good.
How do I know which table contains username and password? Or do I have to try them all?
It's all good and well hacking someone's site but do you then help them make it safer? I doubt it…
and it work with this only with this way?
this is fun good!!!!!
Learn SQL, don't ask stupid questions here. This is clear for everyone who knows SQL. This doesn't require syntax explanation.
Good tutorial.
However, I still have some doubts on how to guess column and table names or extract data from database.
It would be fantastic if you would create a vid tut for that.
I did not understand this:
(select substring(concat(1,password),1,1)from users_limit 0,1)=1
What are these numbers 1,1 0,1 1,password supposed to represent?
Thank you.
Well, I see what you are doing. If id=1 was not there, how can you attack it?
Well done. Inspiring! Good thing you contacted the website and told them too.
Great work!