SQL Injection Attacks and Defense, 2nd Edition by Justin Clarke-Salt

Chapter 5

Blind SQL Injection Exploitation

Marco Slaviero

Solutions in this chapter:

• Finding and Confirming Blind SQL Injection

• Using Time-Based Techniques

• Using Response-Based Techniques

• Using Alternative Channels

• Automating Blind SQL Injection Exploitation

Introduction

So you’ve found a SQL injection point, but the application just gives you a generic error page? Or perhaps it gives you the page as normal, but there is a small difference in what you get back, visible or not? These are examples of blind SQL injection—where we exploit without any of the useful error messages or feedback that we saw in Chapter 4. Don’t worry though—you can still reliably exploit SQL injection even in these scenarios.

We saw a number of classic ...
