Chapter 5. Blind SQL Injection Exploitation

Solutions in this chapter:

▪ Finding and Confirming Blind SQL Injection

▪ Using Time-Based Techniques

▪ Using Response-Based Techniques

▪ Using Alternative Channels

▪ Automating Blind SQL Injection Exploitation

Summary

Solutions Fast Track

Frequently Asked Questions

Introduction

So, you've found an SQL injection point, but the application gives you only a generic error page. Or perhaps it gives you the page as normal, but there is a small difference in what you get back, visible or not. These are examples of blind SQL injection, where you exploit without any of the useful error messages or feedback that you may be used to, as you saw in Chapter 4. Don't worry; you can still reliably exploit SQL injection even ...

Get SQL Injection Attacks and Defense now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

SQL Injection Attacks and Defense by Justin Clarke-Salt

Solutions in this chapter:

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly