Blind SQL Injection without an “in”
Alternative ways to retrieve table names in MySQL — without information_schema.
As for the sake of exercising, I looked up a few web challenges on TetCTF and noticed an interesting one — ”Secure System”. When solving the challenge, I explored many SQL Injection techniques that you will probably not find in any tutorials. Enjoy reading!
The challenge was to craft a Blind SQL Injection payload without using:
- UNION … SELECT