WebApp Sec mailing list archives
Using Binary Search with SQL Injection
From: "Sverre H. Huseby" <shh () thathost com>
Date: Tue, 26 Aug 2003 18:19:16 +0200
When being bored, one often does strange and useless things, such as this: Using Binary Search with SQL Injection ====================================== Sverre H. Huseby shh () thathost com 2003-08-26 With SQL Injection one may perform many cool attacks on a web site. This text will not tell you how, as it assumes you're already familiar with advanced SQL Injection. Getting access to information using SQL Injection is sometimes trivial, and sometimes hard. How hard it is depends on many factors, such as: Is it possible to use UNION SELECT? Is it possible to batch requests in order to INSERT or UPDATE something based on subselects? The following presents a method to get access to values of textual database fields when neither batched queries nor UNION SELECT will help. [...] Read the rest of this text here: http://shh.thathost.com/text/binary-search-sql-injection.txt Sverre. -- shh () thathost com http://shh.thathost.com/
Current thread:
- Using Binary Search with SQL Injection Sverre H. Huseby (Aug 26)
- <Possible follow-ups>
- Re: Using Binary Search with SQL Injection dave (Aug 28)