Time Based SQL Injection Bug Hunting Methodology

Free Article Link: Click here

Welcome hackers, I am Abhirup Konwar (aka LegionHunter). I work as a full time bug hunter and part-time malware developer with the goal of becoming an elite red teamer. I have reported over 1000 bugs on OpenBugBounty , as well as on HackerOne and BugCrowd with bugs belonging to both Client and Server Injection category, Sensitive Information Disclosure & Broken Access Control. I mainly focus on recon based hunting where other hunters simply fail to touch that obscure endpoint.

In this article, I am going to elaborate what are the practical and manual steps an experienced bug hunter takes to uncover Time Based SQL Injection Vulnerability , meanwhile the beginners will only keep injecting single quote and double quote on all GET request parameters in a hope to see the keyword “error” in the server response , as this is the only well-known test case they might know about when they first start , run sqlmap with default configuration and later complain bug hunting is a waste where they claim there are putting efforts daily from 1 year which itself signifies that he/she doesn’t try new approaches, building own methodology, daily self hit and trial new experiments and simply copy pasting someone else pentesting checklists without any understanding the difference between pentesting or VAPT engagements and…