Full Disclosure mailing list archives
Re: Deep Blind SQL Injection Whitepaper
From: nummish <nummish () 0x90 org>
Date: Thu, 28 Aug 2008 11:36:23 -0500
> 2008/8/19 David Litchfield <davidl () ngssoftware com>
>
> Hi Ferruh,
>
> > This is a short whitepaper about a new way to exploit Blind SQL Injections.
>
> I just had a read of your paper. You open with: "If the injection point is completely blind then the only way to extract data is using time based attacks like WAITFOR DELAY, BENCHMARK etc." This is not the case. You can use other non-time based (and therefore faster) methods to infer the value of data. See "Data-mining with SQL Injection and Inference" - http://www.ngssoftware.com/papers/sqlinference.pdf
>
> Cheers,
> David
>
> On Tue, Aug 19, 2008 at 1:09 PM, Ferruh Mavituna <ferruh () mavituna com> wrote:
>
> Hi David,
>
> I'm aware of the other methods, which are mostly explained in your paper. Footnote 2, which clears up the definition of "completely blind", was supposed to be "No error is displayed and no indicators are visible in the response" instead of "No error is displayed and no indicators are visible in the response that an error occurred". Hopefully I will update the paper soon; thanks for pointing it out.
>
> Cheers,
Sorry to resurrect a 9-day-old thread here... It's an interesting concept, but like all timing-based attacks, won't the digits be more susceptible to noise due to possible network latency? Even with two queries, there is still a large volume of requests getting made, and one little bump can invalidate the information you are pulling out. If that really isn't an issue, you may want to consider putting the 6 digit first, then 1,2,3,4,5,7,8,9 as that's going to show up far more frequently.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
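The thread turns on two observable properties of time-based blind SQL injection: the request carries a delay primitive (WAITFOR DELAY and BENCHMARK are the ones named above), and inference needs a large volume of requests whose latency is padded by the attacker-chosen delay, which is also why network jitter matters. Both properties are visible on the server side. The script below is an added example, not code from the whitepaper or from anyone in this thread; it uses a constructed access-log format (client, request line, status, response time in milliseconds) and constructed sample lines, and it extends the thread's two keywords with the equivalent MySQL SLEEP() and PostgreSQL pg_sleep() primitives. Flagging a client on the median of its response times, rather than on single samples, is the defender's counterpart to the noise point raised above: individual bumps in latency do not move the median much, while a stream of deliberately delayed requests does.

```python
"""Detect time-based blind SQL injection probing in web access logs.

Added example (not part of the original mailing-list thread). Assumptions:
the log format below is constructed for this example, and the delay
primitives beyond WAITFOR DELAY / BENCHMARK (SLEEP, pg_sleep) are added here.
"""
import re
import statistics
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed format: <client> "<METHOD> <path?query>" <status> <response ms>
LOG_RE = re.compile(
    r'^(?P<client>\S+) "(?P<method>[A-Z]+) (?P<url>\S+)" (?P<status>\d{3}) (?P<ms>\d+)$'
)

# Time-delay primitives used by time-based blind SQL injection (case-insensitive).
DELAY_PATTERNS = re.compile(
    r"waitfor\s+delay|benchmark\s*\(|\bsleep\s*\(|pg_sleep\s*\(", re.IGNORECASE
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ms"] = int(rec["ms"])
    rec["decoded_url"] = unquote_plus(rec["url"])  # payloads arrive URL-encoded
    return rec


def has_delay_primitive(decoded_url):
    """True if the decoded request contains a known delay primitive."""
    return DELAY_PATTERNS.search(decoded_url) is not None


def slow_clients(records, min_requests=5, ratio=3.0):
    """Return {client: median_ms} for clients that made at least min_requests
    requests whose median latency is >= ratio times the site-wide median.

    Using the per-client median tolerates the latency jitter discussed in
    the thread: a single slow sample does not flag a client, a sustained
    stream of delayed requests does.
    """
    if not records:
        return {}
    baseline = statistics.median(r["ms"] for r in records)
    by_client = defaultdict(list)
    for r in records:
        by_client[r["client"]].append(r["ms"])
    flagged = {}
    for client, times in by_client.items():
        if len(times) >= min_requests:
            med = statistics.median(times)
            if med >= ratio * max(baseline, 1):
                flagged[client] = med
    return flagged


def analyse(lines):
    """Run both checks over an iterable of log lines."""
    records = [r for r in (parse_line(l) for l in lines) if r]
    hits = [r for r in records if has_delay_primitive(r["decoded_url"])]
    return {
        "signature_hits": [(r["client"], r["decoded_url"]) for r in hits],
        "slow_clients": slow_clients(records),
    }


# Constructed sample log: eight ordinary requests and one client probing with
# delay primitives (WAITFOR DELAY, BENCHMARK) followed by plain requests that
# are still delayed by the back end.
SAMPLE_LOG = """\
10.0.0.5 "GET /product?id=42" 200 35
10.0.0.5 "GET /product?id=43" 200 40
10.0.0.7 "GET /search?q=shoes" 200 52
10.0.0.8 "GET /product?id=44" 200 38
10.0.0.5 "GET /product?id=45" 200 45
10.0.0.7 "GET /search?q=boots" 200 41
10.0.0.8 "GET /cart" 200 60
10.0.0.5 "GET /product?id=46" 200 37
203.0.113.9 "GET /product?id=42%3BWAITFOR+DELAY+'0:0:5'--" 200 5040
203.0.113.9 "GET /product?id=42%3BWAITFOR+DELAY+'0:0:3'--" 200 3050
203.0.113.9 "GET /product?id=42+AND+BENCHMARK(5000000,MD5(1))" 200 4800
203.0.113.9 "GET /product?id=42" 200 2900
203.0.113.9 "GET /product?id=42" 200 3900
""".splitlines()

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(key, value)
```

On the sample log, the signature check reports the three requests carrying WAITFOR DELAY or BENCHMARK, and the latency check flags 203.0.113.9 (median 3900 ms against a site-wide median of 52 ms) while leaving the ordinary clients alone. In a real deployment the baseline would be computed per endpoint and over a window, since a long-running report page would otherwise inflate the site-wide median.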