Nytro

Blind Sql Injection – Regular Expressions Attack

Authors:

// Removed on request

Index
Why blind sql injection?
How blind sql injection can be used?
Testing vulnerability (MySQL - MSSQL)
Time attack (MySQL)
Time attack (MSSQL)
Regexp attack's methodology
Finding table name with Regexp attack (MySQL)
Finding table name with Regexp attack (MSSQL)
Exporting a value with Regexp attack (MySQL)
Exporting a value with Regexp attack (MSSQL)
Time considerations
Bypassing filters
Real life example
Conclusions

Download: http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf
