Today, I got an SQLi on a WordPress plugin. I created this payload to test: 10',sleep(50),1,2,3,4,5);--+- The 10 here is a numeric value, and I used ' to terminate the existing SQL query. Then ',' is used to separate the injected SQL code from the rest of the query. I hope you know why the sleep command is used; the number inside it tells the server to pause for 50 seconds. Then I used numbers separated by commas; these are placeholders to match the number of parameters expected by the SQL query. Then, at last, the closing parenthesis ) is used to close the injected SQL code. The semicolon ; ends the SQL statement. The double hyphens -- start a comment in SQL, ensuring that any remaining part of the original query is ignored. Finally, the last '+-' I used because the payload didn't work without it; I don't know, maybe the earlier comment caused the SQL parser to show errors. Gosh! PHP is getting fun nowadays :) #bughunting #php #penetrationtesting
Security Analyst | VAPT | Application Security | API Security | Mobile Security | VAPT | Qualys Certified |
11mo
Have you tried to execute it without +-???
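The post describes a plugin that splices a request value straight into a multi-column INSERT, so a closing quote lets the caller rewrite the statement. The following is an added example, not code from the post or from the (unnamed) plugin: a hypothetical rating handler shown first in the vulnerable string-building form and then rewritten with WordPress's own $wpdb API, which binds every value. The table name, column names and function names are assumptions.

```php
<?php
// Added example (not the plugin from the post). Hypothetical WordPress
// handler that stores a rating submitted for a post.

// VULNERABLE: the request value is interpolated into the SQL text. A value
// that contains a quote followed by SQL changes the statement's structure
// instead of being stored as the post_id column, which is exactly the
// time-based injection the post describes.
function rating_insert_vulnerable( $wpdb, $raw_post_id ) {
    $sql = "INSERT INTO {$wpdb->prefix}plugin_ratings (post_id, score, ip, created) "
         . "VALUES ('" . $raw_post_id . "', 5, '" . $_SERVER['REMOTE_ADDR'] . "', NOW())";
    return $wpdb->query( $sql );
}

// HARDENED: validate the shape of each input first, then let $wpdb->insert()
// bind the values with an explicit per-column format. The SQL text is fixed
// at development time; user input can only ever become a bound value.
function rating_insert_safe( $wpdb, $raw_post_id, $raw_score ) {
    $post_id = absint( $raw_post_id );   // non-numeric input collapses to 0
    $score   = absint( $raw_score );
    if ( 0 === $post_id || $score < 1 || $score > 5 ) {
        return new WP_Error( 'invalid_input', 'post_id or score out of range' );
    }

    $inserted = $wpdb->insert(
        $wpdb->prefix . 'plugin_ratings',
        array(
            'post_id' => $post_id,
            'score'   => $score,
            'ip'      => sanitize_text_field( $_SERVER['REMOTE_ADDR'] ?? '' ),
            'created' => current_time( 'mysql' ),
        ),
        array( '%d', '%d', '%s', '%s' )  // one placeholder type per column
    );

    if ( false === $inserted ) {
        // $wpdb->last_error holds the driver message; log it server-side
        // rather than echoing it back to the client.
        return new WP_Error( 'db_error', 'insert failed' );
    }
    return (int) $wpdb->insert_id;
}
```

The same binding discipline applies to reads: build SELECT/UPDATE text with $wpdb->prepare() and %d/%s placeholders, and never concatenate a request value into the query string.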