Even Faster Blind SQL injection methods

by Keith Makan
1 comment blog.k3170makan.com Pen Testing & Audits

A method presented at DerbyCon and BlackHat involves extracting not the bits of the character itself but the bits of the character's position in a lookup table that contains a number of ASCII character values (more on this later). This post discusses the conceptual advantages and fundamental drawbacks of the bin2pos method and introduces a new variant I've developed, which provides better stability and requires a maximum of 4 requests per character extraction but imposes some configuration requirements on the target web server.


Steven Ulm 8 months ago

I sometimes wonder ... how much faster the Blind SQL injection methods can actually get....