Blind SQL Injection without an “in”

Alternative ways to retrieve table names in MySQL — without information_schema.

terjanq
Jan 7 · 5 min read

For the sake of practice, I looked up a few web challenges on TetCTF and noticed an interesting one — “Secure System”. While solving the challenge, I explored many SQL Injection techniques that you will probably not find in any tutorials. Enjoy reading!

The challenge was to craft a Blind SQL Injection payload without using:

  • UNION … SELECT
  • information_schema

Written by

terjanq

Security enthusiast that loves playing CTFs and hunting for bugs in the wild. Also likes to do some chess once in a while. twitter.com/terjanq
