Similar to sqlmap, the patator fuzzer can be used to conduct the SQLi Blind attack against a target database. The following log shows the result of a patator command, where the body field contains the SQLi string with 3 variables under the control of the user: RANGE0, RANGE1, and RANGE2. Their real mutation ranges are specified by 0="int:0-7" 1="int:1-20" 2="int:1-256". It is obvious that the RANGE2 field was used to fuzz the possible ASCII code. And the first first_name is admin, which is indicated by the following result related to RANGE0=0, RANGE1=1-5, RANGE2=[97, 100, 109, 105, 110] 17:12:56 patator INFO - 200 4621:4293 0.015 | 0:1:97 | 97 | HTTP/1.1 200 OK 17:12:56 patator INFO - 200 4621:4293