Jump to content
M2G

[PDF] Blind Sql Injection with Regular Expressions Attack

Recommended Posts

Posted

Index

Why blind sql injection?
How blind sql injection can be used?
Testing vulnerability (MySQL - MSSQL):
Time attack (MySQL)
Time attack (MSSQL)
Regexp attack's methodology
Finding table name with Regexp attack (MySQL)
Finding table name with Regexp attack (MSSQL)
Exporting a value with Regexp attack (MySQL)
Exporting a value with Regexp attack (MSSQL)
Time considerations
Bypassing filters
Real life example
Conclusions

http://www.ihteam.net/papers/blind-sqli-regexp-attack.pdf

You can download an example of PHP code from

http://www.ihteam.net/papers/regexp_bsqli.php.tar.gz

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...