Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/Blind/Extraction"

From NetSec
Jump to: navigation, search
(Blind extraction)
Line 2: Line 2:
  
 
'''There are two types of blind SQL extraction attacks:'''
 
'''There are two types of blind SQL extraction attacks:'''
* Partial-blind: [[comparative precomputation|Pre-computation based]]
+
* Partial-blind: [[comparative precomputation|Pre-computation based]] (Tool: [[sqli-hap.py]])
 
* Full-blind: [[timing based extraction|Timing based]]
 
* Full-blind: [[timing based extraction|Timing based]]
  

Revision as of 02:59, 21 November 2012

Blind extraction

There are two types of blind SQL extraction attacks:


The only things that these methods have in common is:

  • These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
  • Successful exploitation requires automation programming.