Mr Empy
Mar 16, 2022

I understand what you mean, in the explanation part I just injected a SQL payload for the server to sleep for 40 seconds, if I showed a screenshot it wouldn't show anything like a syntax error or something like that. The server slept for 40 seconds so I went to sqlmap to see if it really was a time based SQL injection, for this reason I jumped to the terminal without showing a print of a SQL error as I mentioned above an incorrect syntax. About my cell phone, I just told that I had discovered this flaw by it because it was the only device I had, if I was using a computer it wouldn't make any difference. What I wanted to get across in this article was what I did to find this site that was vulnerable to SQLI.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Mr Empy
Mr Empy

Written by Mr Empy

「🎩」Pentester & Bug Hunter 「🌕」Ethical Hacker 「🇧🇷」Brazil 「⚡」17 y/o 「👾」CTF Player 「🤖」Programmer 「▶️」Youtuber

Responses (1)

Write a response