Time-Based Blind SQL Injection

Overview
========
Blind SQL Injection is an attack in which the attacker gets only an
indication of whether the query executed successfully. The attacker
doesn’t get the query results.
Most of the time, the indication is based on server errors or
customized application errors.

Time-Based Blind SQL Injection
==============================
Sometimes the attacker might not be able to tell whether the query
executed successfully, because the server/application doesn’t show
any error.
One of the techniques for getting an indication of whether the query
executed successfully is called Time-Based Blind SQL Injection.
With this technique, the attacker executes functions that take
some time to finish (for example: Benchmark, Delay, etc.). By
measuring the time the application took to respond, the attacker
might be able to identify whether the query executed successfully or
the query execution failed. …
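
The same timing signal can be used for detection. The following added example (not part of the original page) scans request logs for delay-function calls and checks whether the response was actually slowed relative to the path's normal latency. The log format, paths, threshold and function names ``parse`` and ``classify`` are assumptions made for this illustration.

```python
import re
from statistics import median
from urllib.parse import unquote_plus

# Delay primitives to look for: MySQL BENCHMARK/SLEEP, PostgreSQL pg_sleep,
# SQL Server WAITFOR DELAY. A bare word such as "benchmark" is not enough.
DELAY_FN = re.compile(
    r"\b(?:benchmark|sleep|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)

# Constructed sample log (METHOD URL STATUS SECONDS). N, EXPR and T are
# placeholders, not working arguments.
SAMPLE_LOG = """\
GET /item?id=17 200 0.041
GET /item?id=18 200 0.038
GET /item?id=17%20AND%20BENCHMARK(N,EXPR) 200 4.912
GET /search?q=benchmark+results+2023 200 0.052
GET /item?id=17;WAITFOR%20DELAY%20'T' 200 5.007
GET /report?year=2023 200 3.300
GET /login?user=bob 200 0.039
GET /login?user=bob%20AND%20BENCHMARK(N,EXPR) 200 0.040
GET /item?id=19 200 0.044
"""

def parse(line):
    """Split one log line into (path, decoded query string, seconds)."""
    _method, url, _status, secs = line.split()
    path, _, query = url.partition("?")
    return path, unquote_plus(query), float(secs)

def classify(log_text, extra_delay=1.0):
    """Return (path, query, verdict) for every request carrying a delay call."""
    rows = [parse(l) for l in log_text.splitlines() if l.strip()]
    # Per-path baseline: median latency of requests without a delay call.
    clean = {}
    for path, query, secs in rows:
        if not DELAY_FN.search(query):
            clean.setdefault(path, []).append(secs)
    findings = []
    for path, query, secs in rows:
        if DELAY_FN.search(query):
            base = median(clean.get(path, [0.0]))
            # "delayed": the injected call appears to have run in the database.
            verdict = "delayed" if secs - base >= extra_delay else "attempt-only"
            findings.append((path, query, verdict))
    return findings

if __name__ == "__main__":
    for finding in classify(SAMPLE_LOG):
        print(finding)
```

A ``delayed`` verdict means the parameter reached the database as SQL and needs fixing (parameterized queries); ``attempt-only`` means the request was probing but the response time did not change.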