Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
40Activity
0 of .
Results for:
No results containing your search query
P. 1
Blind SQL Injection

Blind SQL Injection

Ratings: (0)|Views: 3,127 |Likes:
Published by elabir

More info:

Published by: elabir on Jun 01, 2010
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

01/20/2012

pdf

text

original

 
 
Easy Method: Blind SQL Injection
16-05-2010
Author: Mohd Izhar AliEmail: johncrackernet@yahoo.comWebsite: http://johncrackernet.blogspot.com
 
Easy Method: Blind SQL Injection
COPYRIGHT 2010 -ALL RIGHTS RESERVED Page 3
1. Introduction
Blind SQL injection is identical to normal SQL Injection except that when anattacker attempts to exploit an application, rather than getting a useful errormessage, they get a generic page specified by the developer instead. This makesexploiting a potential SQL Injection attack more difficult but not impossible. Anattacker can still steal data by asking a series of True and False questions throughSQL statements.Theattacker provides your database application with some malformed data, andyour application uses that data to build a SQL statement using stringconcatenation. This allows the attacker to change the semantics of the SQL query.
People tend to use string concatenation because they don’t know there’s another,safer method, and let’s be honest, string concatenation is easy, but it’s wrong step. A 
less common variant is SQL stored procedures that take a parameter and simplyexecute the argument or perform the string concatenation with the argument andthen execute the result. Nowadays, it is very easy to perform Blind SQL injection compare to a few yearsago because a lot of SQL injection tools available on the Internet. You can downloadit from security website or hacker website and use it to test for MySQL, MSSQL orOracle. By using these automated tools, it is very easy and fast to find holes or bugsfor SQL injection or Blind SQL injection from a website.In this article, I will show you how to find and perform Blind SQL injection testingusing several tools. By using these methods, you can complete your testing in lessthan 10 minutes and it is very useful method especially for penetration testers orsecurity consultants who have to complete their penetration testing in certainperiod of time. You can finish your penetration testing and get the better resultsusing the simple methods.

Activity (40)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
dakkar-raven liked this
zkual0 liked this
elvian liked this
ampontd liked this
Alex Rozack liked this
Mónica Silva liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->