[Full-disclosure] Deep Blind SQL Injection Whitepaper
Ferruh Mavituna
ferruh at mavituna.com
Tue Aug 19 14:35:25 BST 2008
This is a short whitepaper about a new way to exploit Blind SQL Injections.
It's implemented in BSQL Hacker (
http://labs.portcullis.co.uk/application/bsql-hacker/ ).
*It is possible gather information from a target server with a 66% reduction
in the number of requests made of the server (compared to normal Blind SQL
Injection), requiring two rather than six requests to retrieve each char.
*
*Download:
*https://labs.portcullis.co.uk/download/Deep_Blind_SQL_Injection.pdf
Regards,
--
Ferruh Mavituna
http://ferruh.mavituna.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20080819/f9744d31/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.