Dumping the data – in blind and time-based scenarios
Now that we have looked into error-based techniques, let's focus on using SQLMap with the Boolean blind and time-based techniques.
The major problem we face when performing blind and time-based exploitation is that there is no verbose database error: if the query result is successful (true), the appropriate result is displayed on the page, and if the result is false, a blank area is displayed.
Regardless of this, the process of extracting the data remains similar to the one I explained earlier, and there are various optimization facilities in SQLMap which we will utilize here.
The scenario will be a classic blind/time-based injection with no error output to help us.
If the query is TRUE, then the web application throws the output as shown in the following screenshot:
In the case that the query is FALSE, then it throws the output as shown in the following screenshot:
If there is no error, then it is a classic...
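The TRUE/FALSE page behaviour described above can be reproduced and then closed off in a few lines. This is an added example, not code from the book: the products table, the handler names and the sample rows are assumptions, and an in-memory SQLite database stands in for the application's backend.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [(1, "Keyboard"), (2, "Mouse")])
    return db

def render(rows):
    # No database error ever reaches the page: content on a hit, blank otherwise.
    return "<p>%s</p>" % rows[0][0] if rows else ""

def page_vulnerable(db, item_id):
    # The request value is concatenated into the statement, so a condition
    # appended to it is evaluated by the database as SQL.
    try:
        rows = db.execute(
            "SELECT name FROM products WHERE id = " + item_id).fetchall()
    except sqlite3.Error:
        rows = []  # errors are suppressed; only content/blank is observable
    return render(rows)

def page_hardened(db, item_id):
    # Strict type check plus a bound parameter: the value can only be data.
    if not re.fullmatch(r"[0-9]+", item_id):
        return ""
    rows = db.execute(
        "SELECT name FROM products WHERE id = ?", (int(item_id),)).fetchall()
    return render(rows)

def oracle_present(page, db):
    # The page is a Boolean oracle when a true condition and a false
    # condition on the same id produce different output.
    return page(db, "1 AND 1=1") != page(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable page leaks TRUE/FALSE:", oracle_present(page_vulnerable, db))
    print("hardened page leaks TRUE/FALSE:  ", oracle_present(page_hardened, db))
```

The same true-versus-false comparison is a useful regression check after a fix: once the parameter is bound, both conditions must produce an identical response.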