Nytro Posted June 13, 2011 Report Share Posted June 13, 2011 Blind Sql Injection – Regular Expressions Attack Authors: // Removed on request Index Why blind sql injection?......................................................................................................................3 How blind sql injection can be used?...................................................................................................3 Testing vulnerability (MySQL - MSSQL):........................................................................................3 Time attack (MySQL)...........................................................................................................................3 Time attack (MSSQL)..........................................................................................................................4 Regexp attack's methodology................................................................................................................5 Finding table name with Regexp attack (MySQL)...........................................................................5 Finding table name with Regexp attack (MSSQL)...........................................................................6 Exporting a value with Regexp attack (MySQL).............................................................................7 Exporting a value with Regexp attack (MSSQL).............................................................................7 Time considerations.............................................................................................................................8 Bypassing filters..................................................................................................................................9 Real life example.................................................................................................................................9 Conclusions.........................................................................................................................................9 Download: http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf Quote Link to comment Share on other sites More sharing options...
