SQL Injection Blind Time Based

SQL Injection - Blind - Time-Based - Low Security Level Solution: *Note: I am using BurpSuite pre configured browser, in case if you are not using the pre configured browser then please configure the browser with proxy and then follow the below steps. Step 1. Click on search button and observe how quickly the page is loaded. Now give below payload as input and notice there is time delay before the page is loaded. Payload - ' or 1=1 and sleep(1) # * If you want you can check the time delay with other payloads. ** Note other time delay payloads are not covered in this video. Step 2. Turn on the proxy in BurpSuite. In the bwapp lesson page click on Search button and the request will pass through BurpSuite. Note the Cookie and PHPSESSID details Cookie: security_level=0; PHPSESSID= Step 3. Lets create Payloads Payloads Syntax: sqlmap -u "Your lesson url" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch --dbs -u : url to scan -p : Paramater to scan title : Compares responses based on page title threads: Allows user to define number of concurrent requests to be sent by SQLMap tool. This reduces overall testing time. This should not be kept at higher value, as it may impact the accuracy of the result. Risk & Level: Risk allows the type of payloads used by the tool. By default, it uses value 1 and can be configured up to level 3. Level 3, being the maximum, includes some heavy SQL queries. The level defines the number of checks/payload to be performed. The value ranges from 1 to 5. 5, being the maximum, includes large number of payloads in the scan. The risk and level are recommended to be increased if SQLMap is not able to detect the injection in default settings. batch: Never ask for user input, use the default behavior dbs : This option is used to enumerate the database Follow the same logic for other Payloads sqlmap -u "http://10.0.2.4/bWAPP/sqli_15.php?title=&action=search" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch --dbs sqlmap -u "http://10.0.2.4/bWAPP/sqli_15.php?title=&action=search" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch -D "bWAPP" --tables sqlmap -u "http://10.0.2.4/bWAPP/sqli_15.php?title=&action=search" --cookie="security_level=0;PHPSESSID=" -p title --threads=5 --level=5 --risk=3 --batch -T "heroes" --columns Step 4. Open command prompt, paste the newly created payload in the command window and check the results. PseudoTime