[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Deep Blind SQL Injection Whitepaper

To: "Full Disclosure" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] Deep Blind SQL Injection Whitepaper
From: "Ferruh Mavituna" <ferruh@xxxxxxxxxxxx>
Date: Tue, 19 Aug 2008 14:35:25 +0100

This is a short whitepaper about a new way to exploit Blind SQL Injections.
It's implemented in BSQL Hacker (
http://labs.portcullis.co.uk/application/bsql-hacker/ ).

*It is possible gather information from a target server with a 66% reduction
in the number of requests made of the server (compared to normal Blind SQL
Injection), requiring two rather than six requests to retrieve each char.
*
*Download:
*https://labs.portcullis.co.uk/download/Deep_Blind_SQL_Injection.pdf



Regards,

-- 
Ferruh Mavituna
http://ferruh.mavituna.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper
  - From: David Litchfield
- Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper
  - From: Sir Mordred
- Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper
  - From: Marco Slaviero

Prev by Date: Re: [Full-disclosure] The Hacksaw Conspiracies
Next by Date: Re: [Full-disclosure] 0day offer
Previous by thread: [Full-disclosure] Introducing the Android Security Team
Next by thread: Re: [Full-disclosure] Deep Blind SQL Injection Whitepaper
Index(es):
- Date
- Thread