Time Based
Last updated
Was this helpful?
Last updated
Was this helpful?
Time-based SQL injection is a technique that relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding. The response time will indicate to the attacker whether the result of the query is TRUE or FALSE.
The process is relatively the same as injection. All you have to do is modify the payloads to force the database to wait.
A time-based SQLi payload in MySQL will look like this
Examples: