Full Disclosure mailing list archives
Re: Deep Blind SQL Injection Whitepaper
From: Haroon Meer <haroon () sensepost com>
Date: Thu, 28 Aug 2008 18:52:16 +0200
Hi nummish.. * On 28/08/2008, [at 11:36:23 -0500] nummish [nummish () 0x90 org] seemed to say:
Sorry to resurrect a 9 day old thread here... It's an interesting concept, but like all timing based attacks, won't the digits be more susceptible to noise due to possible network latency? Even with two queries, there is still a large volume of requests getting made, and one little bump can invalidate the information you are pulling out.
We bumped into the same problem when we took the ordinal(char) approach. A small hiccup on the line easily makes an A an E The bit by bit approach we use (http://www.sensepost.com/research/squeeza/) makes this problem much easier to deal with.. i.e. we once had an insanely bad connection to a box and upp'ed the delay per bit to 14 seconds.. i.e, 14 secs == 1, 0 == 0. The analyst aged a few years while waiting for the output he needed, but you can be fairly confident of the integrity of the data. (its why squeeza happlily does a transfer of binary files from the server using just timing (and patience)) /mh Ps.. checkout the paper on the same page for snippets of the sql we are using.. --Haroon Meer, SensePost Information Security | http://www.sensepost.com/blog/ PGP: http://www.sensepost.com/pgp/haroon.txt | Tel: +27 83786 6637
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Deep Blind SQL Injection Whitepaper Ferruh Mavituna (Aug 19)
- Re: Deep Blind SQL Injection Whitepaper David Litchfield (Aug 19)
- Re: Deep Blind SQL Injection Whitepaper Ferruh Mavituna (Aug 19)
- Re: Deep Blind SQL Injection Whitepaper nummish (Aug 28)
- Re: Deep Blind SQL Injection Whitepaper Haroon Meer (Aug 28)
- Re: Deep Blind SQL Injection Whitepaper Ferruh Mavituna (Aug 19)
- Re: Deep Blind SQL Injection Whitepaper David Litchfield (Aug 19)
- Re: Deep Blind SQL Injection Whitepaper Sir Mordred (Aug 20)
- Re: Deep Blind SQL Injection Whitepaper Marco Slaviero (Aug 20)