Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/Blind/Extraction"

From NetSec
Jump to: navigation, search
(Blind extraction)
 
(5 intermediate revisions by one other user not shown)
Line 1: Line 1:
== Blind extraction ==  
+
=== Blind extraction ===
  
'''There are multiple types of blind data extraction attacks:'''
+
'''There are two types of blind SQL extraction attacks:'''
* Timing based
+
* Partial-blind: [[comparative precomputation|Pre-computation based]] (Tool: [[mysqli-blindutils]] > [[sqli-hap.py]])
* Pre-computation based
+
* Full-blind: [[timing based extraction|Timing based]]
  
'''The only things that all these methods have in common is:'''
+
 
 +
'''The only things that these methods have in common is:'''
 
* <u>These attacks</u> are all limited in some fashion because of environment and latency or dataset, respectively.
 
* <u>These attacks</u> are all limited in some fashion because of environment and latency or dataset, respectively.
* <u>You</u> must not be afraid of programming.
+
* <u>Successful exploitation</u> requires automation [[programming]].

Latest revision as of 03:01, 21 November 2012

Blind extraction

There are two types of blind SQL extraction attacks:


The only things that these methods have in common is:

  • These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
  • Successful exploitation requires automation programming.