Sunday, May 16, 2010

Easy Method: Blind SQL Injection

Blind SQL injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection attack more difficult but not impossible. An attacker can still steal data by asking a series of True and False questions through SQL statements.

The attacker provides your database application with some malformed data, and your application uses that data to build a SQL statement using string concatenation. This allows the attacker to change the semantics of the SQL query. People tend to use string concatenation because they don't know there's another, safer method, and, let's be honest, string concatenation is easy, but it's the wrong approach. A less common variant is a SQL stored procedure that takes a parameter and either executes the argument directly or concatenates it into a string and then executes the result.
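To make the "safer method" concrete, here is an added example (not code from the original post) that puts the concatenating lookup the paragraph describes next to a parameterized one, using SQLite and a constructed in-memory `users` table. The same quote-bearing input changes the meaning of the concatenated query but is treated as a plain string value by the parameterized one.

```python
import sqlite3


def make_db():
    """Constructed sample table; the rows are illustrative, not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", "alice@example.invalid"),
         (2, "bob", "bob@example.invalid")],
    )
    conn.commit()
    return conn


def lookup_concat(conn, username):
    """Vulnerable pattern: the input is spliced into the SQL text, so a quote
    in the input closes the string literal and the remainder is parsed as SQL."""
    sql = "SELECT id, username FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, username):
    """Safe pattern: the value travels separately from the statement text, so
    the database always compares it as a literal string, quotes and all."""
    sql = "SELECT id, username FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    """Run both lookups on a fresh table and return (concat_rows, param_rows)."""
    conn = make_db()
    return lookup_concat(conn, username), lookup_param(conn, username)


if __name__ == "__main__":
    # For an ordinary name both lookups agree.
    print(compare("alice"))
    # An input that turns the WHERE clause into an always-true condition:
    # the concatenated query returns every row, the parameterized one none.
    print(compare("x' OR 1=1 --"))
```

The second call is the shape of the true/false "question" the article refers to: with concatenation the response differs depending on whether the injected condition holds, which is exactly the signal a blind attack reads; with a bound parameter there is no condition to evaluate.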

Nowadays, it is much easier to perform Blind SQL injection than it was a few years ago, because many SQL injection tools are available on the Internet. You can download them from security or hacker websites and use them to test MySQL, MSSQL or Oracle. With these automated tools it is quick and easy to find SQL injection or Blind SQL injection holes in a website.

In this article, I will show you how to find and perform Blind SQL injection testing using several tools. With these methods you can complete your testing in less than 10 minutes, which is especially useful for penetration testers or security consultants who have to finish a penetration test within a fixed period of time. You can finish your penetration testing and get better results using these simple methods.

You can download my article from The Exploit Database:
http://www.exploit-db.com/download_pdf/12622
