Questions about this topic? Sign up to ask in the talk tab.

Difference between revisions of "SQL injection/Blind/Extraction"

From NetSec
Jump to: navigation, search
(Blind extraction)
Line 2: Line 2:
  
 
'''There are two types of blind SQL extraction attacks:'''
 
'''There are two types of blind SQL extraction attacks:'''
* Partial-blind: Pre-computation based
+
* Partial-blind: [[comparative precomputation|Pre-computation based]]
* Full-blind: Timing based
+
* Full-blind: [[timing based data extraction|Timing based]]
  
  

Revision as of 21:14, 20 November 2012

Blind extraction

There are two types of blind SQL extraction attacks:


The only things that these methods have in common is:

  • These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
  • Successful exploitation requires automation programming.