Questions about this topic? Sign up to ask in the talk tab.
Difference between revisions of "SQL injection/Blind/Extraction"
From NetSec
(→Blind extraction) |
|||
| Line 2: | Line 2: | ||
'''There are two types of blind SQL extraction attacks:''' | '''There are two types of blind SQL extraction attacks:''' | ||
| − | * Partial-blind: Pre-computation based | + | * Partial-blind: [[comparative precomputation|Pre-computation based]] |
| − | * Full-blind: Timing based | + | * Full-blind: [[timing based data extraction|Timing based]] |
Revision as of 21:14, 20 November 2012
Blind extraction
There are two types of blind SQL extraction attacks:
- Partial-blind: Pre-computation based
- Full-blind: Timing based
The only things that these methods have in common is:
- These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
- Successful exploitation requires automation programming.
