SQL Injection – time delays and information retrieval| PortSwigger Lab Note #10

target： Lab URL: https://portswigger.net/web-security/learning-paths/sql-injection/sql-injection-exploiting-blind-sql-injection-by-triggering-time-delays/sql-injection/blind/lab-time-delays-info-retrieval Tools Used: browser Burp suite Vulnerability Summary： Type: Blind SQL Injection Description: The results of the SQL query are not returned, and the application does not respond any differently based on whether the query returns any rows or causes an error. However, since the query is executed synchronously, it is possible to trigger conditional time delays to infer information. Steps to Exploit： 1.Verify that the application responds with no time delay or time delay 2.confirming that there is a user called administrator. 3.determine how many characters are in the password of the administrator user 4.Determine the password Remediation： Use parameterized queries / prepared statements Use server‑side input validation Escape and sanitize user input Lessons Learned：

SQL Injection – time delays and information retrieval| PortSwigger Lab Note #10

Related Articles

I Missed This Claude Setting at First. And It Actually Matters

Instacart Promo Code: Save on Groceries in March 2026

How a Switch Actually “Learns”: Demystifying MAC Addresses and the CAM Table

This is the lowest price on a 64GB RAM kit I've seen in months

What Is Computer Science? (Learn This Before It’s Too Late)

Related Articles

How-To
I Missed This Claude Setting at First. And It Actually Matters
Medium Programming • 4d ago

How-To
Instacart Promo Code: Save on Groceries in March 2026
Wired • 4d ago

How-To
How a Switch Actually “Learns”: Demystifying MAC Addresses and the CAM Table
Medium Programming • 4d ago

How-To
This is the lowest price on a 64GB RAM kit I've seen in months
ZDNet • 4d ago

How-To
What Is Computer Science? (Learn This Before It’s Too Late)
Medium Programming • 4d ago