When the application only reports whether a query was right or wrong and does not return the information held in the database, blind injection can be used: the result is inferred through true/false logic tests.
Blind injection is a method for obtaining database data when it cannot be obtained through direct display.
In blind injection, the attacker infers the information from differences in the returned page (the page content or the response time may differ).
Blind injection classification
(1) Boolean-based blind injection
(2) Time-based blind injection
(3) Error-based blind injection
Functions commonly used in SQL blind injection
left(a, b) takes the first b characters of a, starting from the left: left(database(), 1) > 's'
substr(a, b, c) takes c characters of string a, starting at position b
ascii() converts a character to its ASCII value: ascii(substr(user(), 1, 1)) = 101 #
mid(a, b, c) takes c characters of string a, starting at position b
Common error-based injection functions
floor() (MySQL)
extractvalue() (MySQL)
updatexml() (MySQL)
UTL_INADDR.get_host_address (Oracle)
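
A defender-side check built on the two function lists above, as an added example that is not part of the original page: it scans URL-decoded request parameters for calls to those functions and groups the findings by source address. The log line format ("<ip> <method> <url>"), the function and variable names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Function names come from the two lists on this page; the labels are ours.
BLIND_FUNCS = ("left", "substr", "ascii", "mid")
ERROR_FUNCS = ("floor", "extractvalue", "updatexml", "utl_inaddr.get_host_address")

def _call_pattern(names):
    # Match "name(" allowing whitespace or an inline /**/ comment before "(".
    alt = "|".join(re.escape(n) for n in names)
    return re.compile(r"\b(" + alt + r")(?:\s|/\*.*?\*/)*\(", re.I | re.S)

PATTERNS = (("blind", _call_pattern(BLIND_FUNCS)),
            ("error", _call_pattern(ERROR_FUNCS)))

def classify_request(url):
    """Return (parameter, category, function) findings for one request URL."""
    findings = []
    # parse_qsl URL-decodes values, so %28, %20 and + are normalised first.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for category, pattern in PATTERNS:
            for m in pattern.finditer(value):
                findings.append((name, category, m.group(1).lower()))
    return findings

def scan_log(lines):
    """Map source IP -> findings for lines shaped '<ip> <method> <url>'."""
    report = {}
    for line in lines:
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue  # skip malformed lines instead of raising
        ip, _method, url = parts
        hits = classify_request(url)
        if hits:
            report.setdefault(ip, []).extend(hits)
    return report

# Constructed sample log lines (not from a real system). The two expressions
# in the first lines are the ones quoted on this page.
SAMPLE_LOG = [
    "198.51.100.7 GET /item.php?id=left(database(),1)%3E%27s%27",
    "198.51.100.7 GET /item.php?id=ascii(substr(user(),1,1))=101",
    "203.0.113.9 GET /search?q=left+shoe+(size+9)",
    "203.0.113.20 GET /item.php?id=updatexml%20(1,2,3)",
    "203.0.113.9 GET /item.php?id=42",
]

if __name__ == "__main__":
    for ip, hits in scan_log(SAMPLE_LOG).items():
        print(ip, hits)
```

A match is a triage signal rather than proof of injection, since ordinary text such as "turn left (then right)" also matches; repeated hits from one address across many requests are the stronger indicator.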