
SQL injection/Blind

From NetSec
Revision as of 02:41, 20 November 2012 by LashawnSeccombe (Created page)

There are primarily two types of blind SQL injection vulnerabilities: partial blind and total blind.

Partial blind injection is called partial because the data returned by the application changes to some extent. This may mean only that some content is displayed in one case and not displayed in the other.

In a total blind (completely blind) vulnerability, the response data does not change at all regardless of the request, so timing attacks must be used for successful exploitation: they affect the HTTP response time rather than the HTTP response data.

There are traditionally two types of exploitation for blind SQL injection:

  • Blind data extraction
  • Boolean enumeration

Each exploitation method has viable options for both partial blind and total blind injection. Blind data extraction is by far the faster of the two. When using boolean enumeration to exploit SQL injection, an attacker receives only one bit of data per request. For printable text characters this usually requires 7 requests per character (because the highest-order bit is never set in printable latin1 characters), but it requires up to 8 requests per byte for binary data. In comparison, blind extraction can retrieve more than a full byte per request.
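As an added example (not from the original page), the two oracles described above can be detected on the server side without inspecting payloads at all: a client whose requests to one endpoint yield exactly two distinct response sizes matches the partial blind pattern, and one whose responses are identical in size but bimodal in time matches the total blind (timing) pattern. The log format, IP addresses and thresholds below are constructed assumptions.

```python
from collections import defaultdict

MIN_REQUESTS = 5      # fewer probes than this is not worth alerting on
TIMING_GAP_MS = 1000  # gap between the fast and slow clusters that marks a timing oracle

# Constructed sample lines (not real traffic): client url status body_bytes time_ms.
SAMPLE_LOG = """\
10.0.0.5 /item?id=7&probe=1 200 5120 41
10.0.0.5 /item?id=7&probe=2 200 412 39
10.0.0.5 /item?id=7&probe=3 200 5120 40
10.0.0.5 /item?id=7&probe=4 200 412 38
10.0.0.5 /item?id=7&probe=5 200 5120 42
10.0.0.9 /login?user=alice&probe=1 200 1800 35
10.0.0.9 /login?user=alice&probe=2 200 1800 5042
10.0.0.9 /login?user=alice&probe=3 200 1800 36
10.0.0.9 /login?user=alice&probe=4 200 1800 5039
10.0.0.9 /login?user=alice&probe=5 200 1800 34
10.0.0.2 /item?id=3 200 5120 40
10.0.0.2 /item?id=4 200 4870 44
10.0.0.2 /item?id=5 200 5301 39
10.0.0.2 /item?id=6 200 4990 41
10.0.0.2 /item?id=7 200 5120 42
"""


def parse(log_text):
    """Yield (client, path, body_bytes, time_ms); the query string is deliberately ignored."""
    for line in filter(str.strip, log_text.splitlines()):
        client, url, _status, size, ms = line.split()
        yield client, url.split("?", 1)[0], int(size), int(ms)


def find_blind_enumeration(log_text):
    """Return {(client, path): 'partial' | 'timing'} for request series that look like an oracle."""
    groups = defaultdict(list)
    for client, path, size, ms in parse(log_text):
        groups[(client, path)].append((size, ms))
    findings = {}
    for key, rows in groups.items():
        if len(rows) < MIN_REQUESTS:
            continue
        sizes = {size for size, _ in rows}
        times = sorted(ms for _, ms in rows)
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(sizes) == 2:          # partial blind: body flips between two states
            findings[key] = "partial"
        elif len(sizes) == 1 and max(gaps) >= TIMING_GAP_MS:  # total blind: body constant, time bimodal
            findings[key] = "timing"
    return findings
```

Legitimate traffic can also produce two response sizes on one endpoint (for example a cached and an uncached variant), so the request-count and gap thresholds need tuning against a baseline before alerting on them.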