SQL injection/Blind/Extraction
From NetSec
Blind extraction
There are two types of blind SQL extraction attacks:
- Partial-blind: Pre-computation based (Tool: mysqli-blindutils > sqli-hap.py)
- Full-blind: Timing based
The only things these methods have in common are:
- These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
- Successful exploitation requires automation programming.