
Seven Deadliest Web Application Attacks by Mike Shema


Inference

Some SQL injection vulnerabilities cannot be detected by direct observation of errors. These vulnerabilities require an inference-based methodology that compares how the site responds to a collection of specially crafted requests. This technique is also referred to as blind SQL injection.

An inference-based approach attempts to modify a query so that it will produce a binary response, such as forcing a query to become true or false, return one record or all records, or respond immediately or respond after a delay. This requires at least two requests to determine the presence of a vulnerability. For example, an attack to test true and false in a query might use OR 17=17 to represent always true and OR 17=37 to represent false. The ...
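The true/false comparison described above can be turned into a regression check for your own data-access code. The following is an added example, not code from the book: it runs the two probe strings quoted in the text against a string-concatenated query and against a parameterized one, using a constructed in-memory SQLite table. The table, function names, and base value 999 are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the demonstration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("anvil",), ("rope",), ("lamp",)])
    return db

def lookup_concat(db, product_id):
    # Vulnerable pattern: the input becomes part of the SQL text.
    sql = "SELECT name FROM products WHERE id = " + product_id
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error:
        # Errors are swallowed, so nothing can be observed directly;
        # only the difference between responses remains.
        return []

def lookup_bound(db, product_id):
    # Hardened pattern: the input is bound as a value, never parsed as SQL.
    return db.execute("SELECT name FROM products WHERE id = ?",
                      (product_id,)).fetchall()

def response_differs(lookup, db, base="999"):
    # Two requests, as the text requires: one always true, one false.
    true_rows = lookup(db, base + " OR 17=17")
    false_rows = lookup(db, base + " OR 17=37")
    return len(true_rows) != len(false_rows)

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_bound):
        verdict = "responses differ" if response_differs(fn, db) else "responses identical"
        print(fn.__name__, "->", verdict)
```

A differing response for the concatenated lookup is the binary signal the inference technique depends on; the bound lookup returns the same empty result for both probes, so there is nothing to infer from.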
