Time-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. This attack is typically slow (especially on large databases) since an attacker would need to enumerate a database, character by character. This allows an attacker to infer if the payload used returned true or false, even though no data from the database is returned. Boolean-based SQL Injection is an inferential SQL Injection technique that relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.ĭepending on the result, the content within the HTTP response will change, or remain the same.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |