full-disclosure-uk August 2008 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] Deep Blind SQL Injection W

[Full-disclosure] Deep Blind SQL Injection Whitepaper

From: Ferruh Mavituna <ferruh_at_nospam>
Date: Tue Aug 19 2008 - 13:35:25 GMT
To: "Full Disclosure" <full-disclosure@lists.grok.org.uk>


This is a short whitepaper about a new way to exploit Blind SQL Injections. It's implemented in BSQL Hacker (
http://labs.portcullis.co.uk/application/bsql-hacker/ ).

*It is possible gather information from a target server with a 66% reduction
in the number of requests made of the server (compared to normal Blind SQL Injection), requiring two rather than six requests to retrieve each char.
*
*Download:
*https://labs.portcullis.co.uk/download/Deep_Blind_SQL_Injection.pdf

Regards, -- Ferruh Mavituna http://ferruh.mavituna.com

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/