During an assessment of a web application, a penetration tester would like to test the application for blind SQL injection. Which of the following techniques should the penetration tester perform next?
A.
1' ORDER BY 1--+
B.
'; IF (1=1) WAITFOR DELAY '0:0:10'--
C.
xyz' AND '1' = '1
D.
xyz' AND (SELECT CASE WHEN (1=1) THEN 1/0 ELSE 'a' END)='a)
Bing AI says the answer is B:
When it comes to testing for blind SQL injection, a common method involves using time-based techniques to infer the results of queries. This is because the application may not return visible error messages or results directly to the tester.
The most suitable choice for a time-based blind SQL injection technique would be:
B. '; IF (1=1) WAITFOR DELAY '0:0:10'--
This payload uses the WAITFOR DELAY command, which causes the database to pause for 10 seconds if the condition (1=1) is true. If the application becomes unresponsive for 10 seconds, it indicates that the SQL injection was successful.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Alex818119
4 days, 5 hours agoLearner213
5 days, 11 hours agozemijan
3 weeks ago