Security Tutorials and Guides Whitepapers about security should be posted here.

InterN0T Affiliates:
EvilZonepy1337

SirCapsAlot.NET

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 28th January 2010, 14:23
Erratum's Avatar
 
Join Date: Mar 2009
Location: in your machine....
Posts: 108
Rep Power: 7
Reputation: 115
Erratum will become a Token soonErratum will become a Token soon
Methods of Quick Exploitation of Blind SQL Injection
SQL Injection vulnerabilities are often detected by analyzing error messages received from the database, but sometimes we cannot exploit the discovered vulnerability using classic methods (e.g., union). Until recently, we had to use boring slow techniques of symbol exhaustion in such cases. But is there any need to apply an ineffective approach, while we have the DBMS error message?! It can be adapted for line-by-line reading of data from a database or a file system, and this technique will be as easy as the classic SQL Injection exploitation. It is foolish not to take advantage of such opportunity! In this paper, we will consider the methods that allow one to use the database error messages as containers for useful data

Download PDF:
Code:
http://www.ptsecurity.com/download/PT-devteev-FAST-blind-SQL-Injection.pdf
Reply With Quote
  #2  
Old 28th January 2010, 15:11
Tsukasa's Avatar
-=Ninja Pirate=-
  
Join Date: Jun 2008
Location: ::1
Posts: 491
Rep Power: 14
Reputation: 319
Tsukasa is a light in the darkTsukasa is a light in the darkTsukasa is a light in the darkTsukasa is a light in the dark
Re: Methods of Quick Exploitation of Blind SQL Injection
If you load up fast-track/msf you will find that it has error based / blind injection modules.
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".
Reply With Quote
Reply

Bookmarks

« Routers emulators/simulators links here | Does SMS message poses a security threat... »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
[Guide] Blind SQL Injection macd3v Web Hacking & War Games 5 11th April 2010 23:25
[Question] Quick newby question on cracking software. Seeker General Hacking Discussions 7 7th September 2009 16:08
[News] InterN0T Quick Security Update & More MaXe InterN0T Newz 8 26th November 2008 09:03
[Cross Platform] SecurityForest ~ ExploitTree & Exploitation Framework MaXe Hacking Tools & Utilities 3 29th July 2008 12:48
ODFaq 2.1.0 Blind SQL Injection Exploit hestas Exploits, Vulnerabilities & PoCs 2 12th July 2008 00:27


All times are GMT +2. The time now is 13:54.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon

Hosted by 1and1


Contact Us - InterN0T - Archive - Top
Powered by vBulletin® Version 1.3.37
Copyright ©2000 - 2010, Jelsoft Enterprises Ltd.