Time-based SQLi

sqlinjectionfundamentals sqlinjectionlm sqlilab sql_injection_time_based

A time-based SQLi is when we internationally delay the response from the database based on the condition.

For instance, given the condition "if the DBMS is MariaDB, wait 5 seconds", assuming the usual requests takes 1 second, if the sleep request takes ~6 seconds, then will know that the DBMS is MariaDB.

1337=(SELECT 1337 FROM SLEEP(5))
1337=(SELECT 1337 FROM PG_SLEEP(5))

The select is ONLY called if there is at least one record selected, meaning the condition in the where is at least true for one record.

[...] AND 1337=(Select SLEEP(5) from accounts where username='admin')
[...] AND IF('admin'in(SELECT username from accounts),SLEEP(5),0)