WebApp Sec mailing list archives
Re: Deep Blind SQL Injection Whitepaper
From: Haroon Meer <haroon () sensepost com>
Date: Thu, 21 Aug 2008 22:31:55 +0200
Hey guys..

* On 19/08/2008, [at 14:38:55 +0100] Ferruh Mavituna [ferruh () mavituna com] seemed to say:
> This is a short whitepaper about a new way to exploit Blind SQL Injections. It's implemented in BSQL Hacker ( http://labs.portcullis.co.uk/application/bsql-hacker/ ). It is possible to gather information from a target server with a 66% reduction in the number of requests made of the server (compared to normal Blind SQL Injection), requiring two rather than six requests to retrieve each char.
If you like, you can also check out squeeza [http://www.sensepost.com/research/squeeza/] and its associated whitepaper [http://www.sensepost.com/research/squeeza/dc-15-meer_and_slaviero-WP.pdf].

squeeza allowed SQL injection attacks to extract info via DNS/timing/error messages also, but its timing method extracted data one bit at a time with retransmits / state control, effectively allowing for full binary-safe data transfer from the injectable db.

squeeza is written in Ruby, and not as pretty as bsql-hacker, but in its defense _did_ have an ascii art logo..

/mh

--
Haroon Meer, SensePost Information Security | http://www.sensepost.com/blog/
PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
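Added illustration, not part of the thread and not code from squeeza or BSQL Hacker: both tools described above need a separate request per extracted character or bit (two to six per character in the whitepaper's figures, one per bit over the timing channel), so from the defender's side the signal is volume rather than any particular payload. The Python below flags one client hammering one parameter of one endpoint with many distinct values in a short window, and separately notes when response times split into a fast and a slow cluster, which is what a timing channel looks like in an access log. The log format (client IP, epoch seconds, method, URL, status, response time in microseconds), the sample lines and the thresholds are all constructed assumptions for this example.

```python
"""
Detector for blind-SQL-injection extraction traffic (added example, not from
the original thread). Assumed log format, one request per line:
    <client_ip> <epoch_seconds> <method> <url> <status> <response_usec>
"""
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit


def parse_line(line):
    """Split one constructed log line into its fields and its query parameters."""
    ip, ts, _method, url, _status, usec = line.split()
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    return {"ip": ip, "ts": int(ts), "path": parts.path,
            "params": params, "usec": int(usec)}


def find_extraction_bursts(lines, window_s=60, min_requests=40,
                           min_distinct=30, slow_usec=1_000_000):
    """
    Return one finding per (client, path, parameter) that shows, inside any
    window of window_s seconds, at least min_requests requests carrying at
    least min_distinct different values. The thresholds are assumptions to
    tune per site; the detector is deliberately payload-agnostic so encoded or
    obfuscated probes are caught by their request pattern, not their content.
    A finding also reports whether response times split into a fast and a
    slow cluster (20%..80% of requests at or above slow_usec), the shape a
    timing channel leaves behind.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        for name, value in rec["params"].items():
            groups[(rec["ip"], rec["path"], name)].append(
                (rec["ts"], value, rec["usec"]))

    findings = []
    for (ip, path, name), events in groups.items():
        events.sort()
        # Sliding window over time: keep the densest window for this group.
        best, start = [], 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window_s:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]
        if len(best) < min_requests:
            continue
        distinct = len({value for _, value, _ in best})
        if distinct < min_distinct:
            continue
        slow = sum(1 for _, _, usec in best if usec >= slow_usec)
        timing = 0.2 <= slow / len(best) <= 0.8
        findings.append({"ip": ip, "path": path, "param": name,
                         "requests": len(best), "distinct_values": distinct,
                         "timing_channel": timing})
    return findings


# Constructed sample log: a little benign traffic, then one client issuing
# 60 requests in 60 seconds against a single parameter (the whitepaper's
# two-requests-per-character rate for a 30-character value), with every
# second response delayed as a timing channel would produce.
SAMPLE_LOG = [
    f"198.51.100.{i + 1} {1000 + i * 7} GET /products?id={i + 1} 200 {12000 + i * 100}"
    for i in range(5)
]
for i in range(60):
    usec = 1_500_000 if i % 2 else 14_000
    SAMPLE_LOG.append(f"203.0.113.7 {2000 + i} GET /products?id=7{i} 200 {usec}")


if __name__ == "__main__":
    for finding in find_extraction_bursts(SAMPLE_LOG):
        print(finding)
```

Run as a script it prints a single finding for 203.0.113.7 on /products, parameter id, 60 requests with 60 distinct values and the timing-channel flag set; the five benign lines stay below the request threshold. Because the check keys on request shape rather than payload strings, it also fires on blind extraction that arrives URL-encoded or otherwise disguised, at the cost of needing the window and count thresholds set above the site's normal per-client rate for that endpoint.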