
In one of my projects I discovered a blind SQL injection vulnerability that goes like this:

The URL `index.php/company/lang/action` can be injected with some extra SQL, like this: `index.php/company'%20and%20''='/lang/action`

The only thing I've found the attacker can do is to sleep the server, e.g. `index.php/company'%20and%200=sleep(100)%20and%20'1'='1/lang/action`

What could be other options for the attacker?

Thanks

  • I've found that insertions like `/company';drop%20table%20config;--/` for whatever reason don't work, so it's impossible to exec multiple queries, i.e. the attacker will have to build the attack around 1 select statement – Alex Radyuk Feb 18 '22 at 09:59
  • What's the point in looking for "other options for the attacker" instead of **patching the vulnerability right away?** – Your Common Sense Feb 18 '22 at 10:11
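
The fix the second comment asks for, as an added example that is not part of the original thread or the project's code: the first path segment is allow-listed and bound as a parameter instead of being concatenated into the SQL text. The table, column and function names are hypothetical, and an in-memory SQLite database stands in for the project's database, which the question does not show.

```php
<?php
// Added example: constructed schema and data; all names are hypothetical.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE companies (slug TEXT PRIMARY KEY, name TEXT)");
$pdo->exec("INSERT INTO companies VALUES ('company', 'Example Co')");

// Split an "index.php/company/lang/action" style path into decoded segments.
function pathSegments(string $pathInfo): array
{
    return array_map('rawurldecode', explode('/', trim($pathInfo, '/')));
}

// Vulnerable pattern (assumed): the segment becomes part of the SQL text.
function findCompanyUnsafe(PDO $pdo, string $slug): array
{
    $sql = "SELECT name FROM companies WHERE slug = '" . $slug . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: reject segments outside the expected alphabet, then bind the
// value so the driver never parses it as SQL.
function findCompanySafe(PDO $pdo, string $slug): array
{
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $slug)) {
        return [];   // the caller should answer 404
    }
    $stmt = $pdo->prepare('SELECT name FROM companies WHERE slug = :slug');
    $stmt->execute([':slug' => $slug]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$requests = [
    "/company/lang/action",
    "/company'%20and%20''='/lang/action",   // payload quoted in the question
];
foreach ($requests as $path) {
    [$slug] = pathSegments($path);
    printf("%-40s unsafe=%d safe=%d\n", $path,
        count(findCompanyUnsafe($pdo, $slug)),
        count(findCompanySafe($pdo, $slug)));
}
```

In the unsafe function the quoted payload is evaluated as an extra SQL condition and still returns the row; in the hardened one it is refused before the query runs, and the binding alone would already treat it as a literal slug that matches nothing.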

0 Answers