Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/Blind/Extraction"

From NetSec
Jump to: navigation, search
Line 5: Line 5:
 
* Pre-computation based
 
* Pre-computation based
  
'''The only three things that all of these methods have in common is:'''
+
'''The only things that all these methods have in common is:'''
* <u>These attacks</u> are all limited in some fashion because of local environment and latency or remote environment and dataset.
+
* <u>These attacks</u> are all limited in some fashion because of environment and latency or dataset, respectively.
 
* <u>You</u> must not be afraid of programming.
 
* <u>You</u> must not be afraid of programming.
 
===Timing-based extraction===
 

Revision as of 18:45, 20 November 2012

Blind extraction

There are multiple types of blind data extraction attacks:

  • Timing based
  • Pre-computation based

The only things that all these methods have in common is:

  • These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
  • You must not be afraid of programming.