Security Tutorials and Guides Whitepapers about security should be posted here.

InterN0T Affiliates:
EvilZonepy1337

SirCapsAlot.NET

Reply
 
LinkBack Thread Tools Display Modes
  #1  
Old 28th January 2010, 15:23
sniip3r's Avatar
 
Join Date: Mar 2009
Location: The net
Posts: 34
Rep Power: 5
Reputation: 68
sniip3r will become a Token soon
Methods of Quick Exploitation of Blind SQL Injection
SQL Injection vulnerabilities are often detected by analyzing error messages received from the database, but sometimes we cannot exploit the discovered vulnerability using classic methods (e.g., union). Until recently, we had to use boring slow techniques of symbol exhaustion in such cases. But is there any need to apply an ineffective approach, while we have the DBMS error message?! It can be adapted for line-by-line reading of data from a database or a file system, and this technique will be as easy as the classic SQL Injection exploitation. It is foolish not to take advantage of such opportunity! In this paper, we will consider the methods that allow one to use the database error messages as containers for useful data

Download PDF:
Code:
http://www.ptsecurity.com/download/PT-devteev-FAST-blind-SQL-Injection.pdf
Reply With Quote
  #2  
Old 28th January 2010, 16:11
Tsukasa's Avatar
-=Ninja Pirate=-
  
Join Date: Jun 2008
Location: ::1
Posts: 457
Rep Power: 11
Reputation: 287
Tsukasa is a light in the darkTsukasa is a light in the darkTsukasa is a light in the dark
Re: Methods of Quick Exploitation of Blind SQL Injection
If you load up fast-track/msf you will find that it has error based / blind injection modules.
__________________
"...a computer is a stupid machine with the ability to do incredibly
smart things, while computer programmers are smart people with the
ability to do incredibly stupid things. They are, in short, a perfect
match".
Reply With Quote
Reply

Bookmarks

« Routers emulators/simulators links here | Does SMS message poses a security threat... »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
[exploitation] Smashing the Stack for Fun and Profit s3my0n Offensive Guides & Information 1 22nd December 2009 16:44
[Guide] Blind SQL Injection macd3v Web Hacking & War Games 4 19th October 2009 09:27
[Question] Quick newby question on cracking software. Seeker General Hacking Discussions 7 7th September 2009 17:08
[News] InterN0T Quick Security Update & More MaXe InterN0T Newz 8 26th November 2008 10:03
ODFaq 2.1.0 Blind SQL Injection Exploit hestas Exploits, Vulnerabilities & PoCs 2 12th July 2008 01:27


All times are GMT +2. The time now is 05:41.
Copyright ©2007 - Forever, InterN0T & Teh Unkwon

Hosted by 1and1


Contact Us - InterN0T - Archive - Top
Powered by vBulletin® Version 1.3.37
Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.