Disclaimer: The video content has been made available for informational and educational purposes only.
------------------------------------------------------------------------
1;(SELECT+SLEEP(5))--
1;(SELECT IF(MID(VERSION(),1,1) = '5', SLEEP(15), 0))-- will cause no delay
1;(SELECT IF(MID(VERSION(),1,1) = '8', SLEEP(15), 0))-- will cause delay
This query is designed to perform a time-based SQL injection attack in order to determine whether the version of the MySQL database starts with the digit '8'.
1;: The initial "1" appears to be part of the original query and is followed by a semicolon. This semicolon terminates the legitimate SQL statement that precedes it.
(SELECT IF(MID(VERSION(),1,1) = '8', SLEEP(15), 0)): This subquery contains a conditional statement using the "IF" function. The goal of this subquery is to check whether the first character of the database version (obtained using the "VERSION()" function) is equal to '8'. If it is, the subquery executes "SLEEP(15)", causing a delay of 15 seconds. Otherwise, it evaluates to 0 and returns without a delay.
MID(VERSION(),1,1): The "MID" function extracts a substring from the "VERSION()" output. Here, it retrieves the first character (at position 1) of the database version string.
= '8': This comparison checks if the first character of the version is equal to '8'.
IF(..., SLEEP(15), 0): The "IF" function evaluates the condition. If the condition is true (i.e., the version starts with '8'), it executes "SLEEP(15)" to cause a 15-second delay. If the condition is false, it evaluates to 0 and there is no delay.
--: The double hyphens (--) mark the beginning of a comment in SQL, so the remainder of the original query is ignored.
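From the defender's side, the payloads above leave a recognisable trace in web access logs. The following is an added example (not part of the original video description) that flags SLEEP() calls in request parameters and compares the requested delay with the logged response time, which tells you whether the injected statement actually ran. The log format (request duration in seconds as the last field), the addresses and the paths are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Constructed sample lines (not from the page): combined-style access log with the
# request duration in seconds appended as the last field (an assumed log format).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:30 +0000] "GET /item?id=1 HTTP/1.1" 200 512 0.021
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=1%3B(SELECT+SLEEP(5))-- HTTP/1.1" 200 512 5.034
203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /item?id=1%3B(SELECT+IF(MID(VERSION(),1,1)+%3D+'5',+SLEEP(15),+0))-- HTTP/1.1" 200 512 0.019
203.0.113.7 - - [10/Oct/2023:13:56:20 +0000] "GET /item?id=1%3B(SELECT+IF(MID(VERSION(),1,1)+%3D+'8',+SLEEP(15),+0))-- HTTP/1.1" 200 512 15.027
198.51.100.4 - - [10/Oct/2023:13:57:00 +0000] "GET /search?q=sleep+apnea+(5+tips) HTTP/1.1" 200 900 0.030
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) \d+ ([\d.]+)$')
# SLEEP(<seconds>) written as a function call, case-insensitive, tolerant of whitespace.
SLEEP_RE = re.compile(r'\bSLEEP\s*\(\s*(\d+(?:\.\d+)?)\s*\)', re.IGNORECASE)

def analyze(log_text):
    """Return one finding per request whose decoded query string calls SLEEP()."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, duration = m.group(1), m.group(2), float(m.group(4))
        parts = urlsplit(target)
        query = unquote_plus(parts.query)      # %3B -> ';', '+' -> ' '
        hit = SLEEP_RE.search(query)
        if not hit:
            continue
        requested = float(hit.group(1))
        # A response at least as slow as the requested sleep means the database
        # executed the injected statement: the parameter is injectable, and for the
        # IF(...) form the attacker has learned that the tested condition is true.
        fired = duration >= requested
        findings.append({"client": client, "path": parts.path,
                         "requested_delay": requested, "duration": duration,
                         "verdict": "delay-fired" if fired else "probe-only"})
    return findings

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f)
```

A "delay-fired" verdict should be triaged as a confirmed injectable parameter; the fix on the application side is to bind the value as a query parameter and to disable multi-statement execution on the database connection.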
------------------------------------------------------------------------
Twitter: / abhishekmorla
Website: abhishekmorla.netlify.app/
Linkedin: / abhishekmorla
------------------------------------------------------------------------