🎃 Spooky SSC CTF 🎃

🕳️ Blind SQL Injection

Blind SQL injection doesn't return data directly. You need to infer information from the application's behavior!

Your Mission: Use blind SQL injection to extract the flag!

Challenge: Use blind SQL injection to extract the flag from the database!

💡 Challenge Overview

Goal: Use blind SQL injection to extract the flag.

Difficulty: Hard - Advanced SQL injection!

Time to complete: 10-15 minutes

Key Learning: Blind attacks work without visible errors!

🔍 Blind SQL Injection

Blind SQL injection doesn't show errors directly, but you can infer information from the application's behavior. This challenge uses time-based detection!

🔍 What You're Learning:

Blind SQL Injection - SQL injection without visible errors
Time-Based Attacks - Using response time to detect vulnerabilities
Advanced SQL Techniques - SLEEP functions and timing attacks

🔍 Product Search Portal

Search for products in our haunted store. Try using blind SQL injection techniques!

Enter a search term to see results...

⏱️ Timing Information

Response time: 0ms

Last query: None

🔍 Blind SQL Injection Techniques:

' AND SLEEP(5) -- (Time-based)
' AND (SELECT COUNT(*) FROM users) > 0 -- (Boolean-based)
' AND ASCII(SUBSTRING((SELECT password FROM users LIMIT 1),1,1)) > 65 --
' UNION SELECT 1,2,3 WHERE SLEEP(5) --

🏁 Submit Your Flag

🏠 Back to Main Page