With the blind technique you have to spend more time than with a normal injection: you can retrieve only one character per batch of queries sent to the server.
We will give an example of querying the first character of the database name.
We assume the database name is member, so the first character is "m",
whose ASCII value is 109. (At this point we assume you already know the ASCII table.)

OK. First, we have to know that the responses to our requests take only two forms.

Read more

http://devteev.blogspot.com/2010/01/blind-sql-injection-oracle.html

Given the interesting selection of fast ways to exploit blind SQL injection, I lacked similar techniques for the no less common DBMS Oracle. This prompted me to do a little research aimed at finding such techniques for that database.

Having confirmed that none of the known methods of error-based blind SQL injection work in an Oracle environment, my attention was drawn to the functions that work with the XML format. Digging a little deeper into them, I discovered the function XMLType(), which returns the first character of the requested data inside its error message (LPX-00XXX):

Read more

When an attacker carries out a SQL injection attack, the server sometimes responds with an error message from the database server indicating that the SQL query's syntax is incorrect. Blind SQL injection is identical to normal SQL injection, except that when the attacker tries to exploit an application, instead of a useful error message they receive a generic page specified by the developer. This makes exploiting a potential SQL injection more difficult, but not impossible. The attacker can still ask the database a series of true/false questions through SQL statements, inject successfully and steal data.

The original is in English; I have made a rough translation. The original follows:

What is Blind SQL Injection?

When an attacker executes SQL injection attacks, sometimes the server responds with error messages from the database server complaining that the SQL query's syntax is incorrect.

Read more