Questions about this topic? Sign up to ask in the talk tab.

SQL injection/Blind/Extraction

From NetSec

Revision as of 04:01, 21 November 2012 by LashawnSeccombe (Talk | contribs) (→‎Blind extraction)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Blind extraction

There are two types of blind SQL extraction attacks:

Partial-blind: Pre-computation based (Tool: mysqli-blindutils > sqli-hap.py)
Full-blind: Timing based

The only things that these methods have in common is:

These attacks are all limited in some fashion because of environment and latency or dataset, respectively.
Successful exploitation requires automation programming.

Retrieved from "http://nets.ec/index.php?title=SQL_injection/Blind/Extraction&oldid=10021"

Navigation menu