M2G Posted December 30, 2012 Report Posted December 30, 2012 IndexWhy blind sql injection?How blind sql injection can be used?Testing vulnerability (MySQL - MSSQL):Time attack (MySQL)Time attack (MSSQL)Regexp attack's methodologyFinding table name with Regexp attack (MySQL)Finding table name with Regexp attack (MSSQL)Exporting a value with Regexp attack (MySQL)Exporting a value with Regexp attack (MSSQL)Time considerationsBypassing filtersReal life exampleConclusionshttp://www.ihteam.net/papers/blind-sqli-regexp-attack.pdfYou can download an example of PHP code fromhttp://www.ihteam.net/papers/regexp_bsqli.php.tar.gz 1 Quote