Here is the vulnerable link.
Testing For Vulnerability
We test whether the injection is exploitable as a blind attack by going to the following link.
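The lookup behind a link like the one above becomes blind-injectable when the id parameter is concatenated straight into the SQL text. The following added example (not code from the original post) shows that injectable lookup beside its hardened form on an in-memory SQLite table constructed here; the table, column and row values are placeholders, not the post's target, and the appended true/false condition is the kind of input a tester sends to see whether the page content changes.

```python
"""Injectable lookup beside its hardened form (added example, not the post's code)."""
import sqlite3


def make_db():
    """Constructed sample table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?)",
        [(1, "first"), (2, "second"), (3, "third")],
    )
    return conn


def lookup_vulnerable(conn, user_id):
    """String concatenation: whatever the client sends becomes part of the
    statement, so an appended boolean condition decides whether the row
    comes back. That true/false difference is the oracle a blind attack reads."""
    sql = "SELECT title FROM news WHERE id = " + user_id
    return conn.execute(sql).fetchone()


def lookup_safe(conn, user_id):
    """Validate the type first, then bind the value as a parameter; the
    driver never lets the input change the statement's structure."""
    try:
        id_value = int(user_id)
    except ValueError:
        return None  # reject outright; a real handler would answer HTTP 400
    return conn.execute(
        "SELECT title FROM news WHERE id = ?", (id_value,)
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    for probe in ("2", "2 and 1=1", "2 and 1=2"):
        print(repr(probe), lookup_vulnerable(db, probe), lookup_safe(db, probe))
```

With the concatenated query, "2 and 1=1" still returns row 2 while "2 and 1=2" returns nothing, which is exactly the page-loads/page-does-not-load signal the rest of the post relies on; the parameterized version returns the row only for a plain integer id.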
Checking For Table Names
Checking For Column Names
If you are lucky and have guessed some valid table names, we can now try guessing columns within those tables.
If the column password exists, the page loads normally; otherwise, try another column name. Now let us assume that we have found the table name admin and two columns, username and password. We have to pull the data from these tables/columns.
Pulling Data From Found Table/Columns
This is the part that actually takes a lot of time. We use ASCII character values to pull the data, since no data will be displayed on the page.
In the above example, I have set user id = 2 and am trying to pull the password. If the ASCII value of the character is greater than 100, the page loads normally. In our case the page does not load with its content, so we know the first character is less than 100, and we guess again.
To get the next character we modify the sub string.
I changed the substring arguments from ,1,1 to ,2,1. Now it returns the 2nd character of the subselect, 1 character in length. We do the same thing as for the first character. This time >100 returned true, so we raise the number.
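The character-by-character guessing described above leaves a distinctive trail in the web server's access log: one source sends many near-identical requests that differ only in the substring position and the ASCII threshold, and the response sizes alternate between the "loads normally" and "does not load" pages. The following added example (not code from the original post) parses constructed Combined Log Format lines, flags requests whose decoded query string compares ascii()/ord() of a one-character substring with a number, and summarises per source how many probes were sent, which character positions were walked, and how many distinct response sizes were seen. The log lines, field layout and regular expressions are assumptions about what a typical server writes.

```python
"""Detecting boolean-based blind SQL injection probes in access logs
(added example, not the original post's code)."""
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample: one ordinary visitor plus one source walking the
# ascii()/substring() threshold one request at a time, as the post describes.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /news.php?id=2 HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /news.php?id=2+and+ascii(substring((select+password+from+admin),1,1))>100 HTTP/1.1" 200 412 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:55:41 +0000] "GET /news.php?id=2+and+ascii(substring((select+password+from+admin),1,1))>50 HTTP/1.1" 200 5123 "-" "curl/7.88"
198.51.100.7 - - [10/Oct/2023:13:55:42 +0000] "GET /news.php?id=2%20and%20ascii(substring((select%20password%20from%20admin),2,1))>100 HTTP/1.1" 200 5123 "-" "curl/7.88"
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /news.php?id=3 HTTP/1.1" 200 5201 "-" "Mozilla/5.0"
"""

# Combined Log Format: ip ident user [time] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# A character-at-a-time probe: ascii()/ord() of a short substring compared
# with a number. Group "pos" is the character index, "threshold" the guess.
PROBE_RE = re.compile(
    r'(?:ascii|ord)\s*\(\s*(?:substring|substr|mid)\s*\(.*?,\s*(?P<pos>\d+)\s*,\s*\d+\s*\)\s*\)'
    r'\s*(?P<op>[<>=!]+)\s*(?P<threshold>\d+)',
    re.IGNORECASE | re.DOTALL,
)


def parse_line(line):
    """Split one access-log line into fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["size"] = 0 if fields["size"] == "-" else int(fields["size"])
    return fields


def classify_probe(path):
    """Return {"position", "op", "threshold"} when the decoded query string
    carries a blind-injection character probe, else None."""
    decoded = unquote_plus(path)  # '+' and %xx escapes both become plain text
    m = PROBE_RE.search(decoded)
    if not m:
        return None
    return {"position": int(m["pos"]), "op": m["op"], "threshold": int(m["threshold"])}


def analyse(log_text, min_probes=2):
    """Group probes by source address and report sources that sent at least
    min_probes of them. A source that varies position and threshold across
    requests is enumerating data, not making a single stray request."""
    per_ip = defaultdict(lambda: {"probes": 0, "positions": set(), "sizes": set()})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        probe = classify_probe(entry["path"])
        if probe is None:
            continue
        rec = per_ip[entry["ip"]]
        rec["probes"] += 1
        rec["positions"].add(probe["position"])
        rec["sizes"].add(entry["size"])
    report = {}
    for ip, rec in per_ip.items():
        if rec["probes"] < min_probes:
            continue
        report[ip] = {
            "probes": rec["probes"],
            "positions": sorted(rec["positions"]),
            # Two response sizes for the same page is the true/false oracle
            # the attacker reads; surfacing it helps the analyst confirm it.
            "distinct_sizes": len(rec["sizes"]),
        }
    return report


if __name__ == "__main__":
    for ip, summary in analyse(SAMPLE_LOG).items():
        print(ip, summary)
```

The per-source grouping matters more than the regex: a single matching request can be a scanner's noise, but dozens of requests from one address that step through positions 1, 2, 3, ... with the threshold moving up and down is the binary search this post describes, and the alternating response sizes confirm the page is answering it.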
Or you can find the same chart online at the following link.
Hope you liked this article; feel free to leave your comments with any further doubts or requests for clarification.