Even Faster Blind SQL injection methods

by Keith Makan
1 comment blog.k3170makan.com Pen Testing & Audits

A method presented at DerbyCon and BlackHat involves extracting not the bits of the character but the bits of a characters position in a look up table which contains a number of character ascii values---more on this later. This post discusses the conceptual advantages and fundamental drawbacks of the bin2pos method and introduces a new variant I've developed which provides better stability and only requires a maximum of 4 requests per character extraction but imposes some configurational requirements to the target web server.

http://blog.k3170makan.com/2013/10/even-faster-blind-sql-injection-methods.html

Avatar
Steven Ulm 5 months ago

I am sometimes wondering ... how faster can the Blind SQL injection methods get actually....

Reply