Blind MySQL injection and database stressing
Complete with the rest of Mysql blind injection papers in the web.
Currently tools are being used to get SQL data from a blind (Microsoft) sql injection, like datathief of absinthe. The problem in Mysql is the dificulty to get the database structure. In Mysql there are no Objects database or alike, so it’s not possible to create an stored procedure to walktrough a database catalog as these programs do with other database managers.
The approach explained here is from a web service viewpoint. It’s, from a web service vulnerable to sql injection.
Current Blind SQL injection methods (more…)
