
After scanning my website with uniscan I found a few vulnerabilities. I found this answer here and tried but it does not return anything except what it should return.

Blind SQL Injection:

[+] Vul [Blind SQL-i]: http:/192.168.1.100/browse.html?user_id=10590'+AND+'1'='1     
[+] Keyword: Compassion

How to use the keyword in order to inject successfully?

Filip Luchianenco
  • Do you get a different result with `10590' AND '1'='0`? – Gumbo Apr 30 '14 at 08:02
  • No, I get a different result if I write id=10590 only `http:/192.168.1.100/browse.html?user_id=10590` – Filip Luchianenco Apr 30 '14 at 08:04
  • If `10590' AND '1'='0` and `10590' AND '1'='1` don’t have different results, you’re probably not vulnerable. Or what exactly is the difference in both? – Gumbo Apr 30 '14 at 08:05
  • `user_id=10590` != `user_id=10590'+AND+'1'='1` == `user_id=10590'+AND+'1'='0'` does that make the website vulnerable? – Filip Luchianenco Apr 30 '14 at 08:12
  • But anyway, what do I have to do with this keyword? – Filip Luchianenco Apr 30 '14 at 08:14
  • 1
    The expression `'1'='1'` in `10590' AND '1'='1` would make the condition true for each row while `'1'='0'` would be false for each row. If you don’t get a different result, it’s not vulnerable. That `10590` and `10590' AND '1'='1` gives you different results is probably because there is no user with the id `10590' AND '1'='1`. – Gumbo Apr 30 '14 at 08:17
  • Thank you. Consider writing the last comment as an answer please. – Filip Luchianenco Apr 30 '14 at 08:21

1 Answer


What the vulnerability scanner tried is to add a condition that is either true for all rows (`'1'='1'`, tautology, added with `10590' AND '1'='1`) or false for each row (`'1'='0'`, contradiction, added with `10590' AND '1'='0`). If you don’t get a different result for these, it’s probably not vulnerable.

However, that the `user_id` values `10590` and `10590' AND '1'='1` give you different results is probably because there is no user with the ID `10590' AND '1'='1`.

Gumbo
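The reasoning in the answer, reproduced against an in-memory SQLite table (added example, not part of the original post or the uniscan tool; the table, the `users` schema and the lookup functions are constructed here). The same tautology/contradiction pair is sent to a query built by quoted string concatenation and to a parameterized query: only the concatenated one returns different rows for the two payloads, while the parameterized one returns nothing for either and differs only from the plain `10590` lookup, which is exactly the pattern the asker observed.

```python
import sqlite3

# Constructed sample data (not from the page): a small users table that
# contains the user_id the scanner probed plus two neighbours.
ROWS = [("10589", "Alice"), ("10590", "Bob"), ("10591", "Carol")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return conn


def lookup_vulnerable(conn, user_id):
    # Quoted string concatenation: a closing quote in the input ends the
    # literal, so the rest of the input becomes part of the WHERE clause.
    sql = "SELECT name FROM users WHERE user_id = '" + user_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user_id):
    # Bound parameter: the whole input is compared as one literal value,
    # so "10590' AND '1'='1" is just an id that matches no row.
    sql = "SELECT name FROM users WHERE user_id = ?"
    return [row[0] for row in conn.execute(sql, (user_id,))]


def boolean_blind_check(lookup, conn, base="10590"):
    """Apply the scanner's logic from the answer: a tautology and a
    contradiction appended to the same id must produce different
    results for the condition to have had any effect on the query."""
    tautology = lookup(conn, base + "' AND '1'='1")
    contradiction = lookup(conn, base + "' AND '1'='0")
    return {
        "plain": lookup(conn, base),
        "tautology": tautology,
        "contradiction": contradiction,
        "likely_vulnerable": tautology != contradiction,
    }


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", boolean_blind_check(lookup_vulnerable, db))
    print("parameterized:", boolean_blind_check(lookup_parameterized, db))
```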