Burp Suite User Forum

Discover table name using time-based SQL injection

nth347 | Last updated: Mar 25, 2020 05:29PM UTC

Hello guys, I try to gather information about the table name (Users) by using the time-based technique, first I use the following query to determine the length of the table name. But I can not use the percent sign (%), it causes HTTP error code 500. Please help me. TrackingId=x'3BSELECT+CASE+WHEN+((SELECT+LENGTH(table_name)+FROM+information_schema.tables+WHERE+table_name+LIKE+'user%')=$1$)+THEN+pg_sleep(10)+ELSE+pg_sleep(0)+END-- PS: URL encoding for % does not help. Payload $1$ from 1 to 8.

Michelle, PortSwigger Agent | Last updated: Mar 26, 2020 08:55AM UTC

Hi Are you working on the 'Blind SQL injection with time delays and information retrieval' lab? As a starting point, it will be worth carefully checking the steps you are taking against the solution if you can't spot what's different feel free to send us a screenshot of the request and responses you're using from the Repeater and Intruder tabs and we can take a look over them with you. You can email the screenshots to support@portswigger.net.

You need to Log in to post a reply. Or register here, for free.