This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Blind SQL Injection"
From OWASP
m (→Description: External link -> internal link (to SQL injection)) |
|||
| Line 20: | Line 20: | ||
* [http://www.securiteam.com/tools/5IP0L20I0E.html SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer] in Python | * [http://www.securiteam.com/tools/5IP0L20I0E.html SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer] in Python | ||
* [http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project SQLiX - SQL Injection Scanner] in Perl | * [http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project SQLiX - SQL Injection Scanner] in Perl | ||
| + | * [http://sqlmap.sourceforge.net sqlmap, a blind SQL injection tool] in Python | ||
==Examples == | ==Examples == | ||
Revision as of 09:08, 20 December 2006
- This is an Attack. To view all attacks, please see the Attack Category page.
Description
Blind SQL injection is identical to normal SQL injection, however, when such an attack is performed a handled error message is returned. This results in no generic database error messages and without disclosing such information the attacker is working 'blindly.'
Online Resources
- more Advanced SQL Injection - by NGS
- Blind SQL Injection Automation Techniques - Black Hat Pdf
- Blind Sql-Injection in MySQL Databases
- Cgisecurity.com: What is Blind SQL Injection?
- Blind SQL Injection
- http://www.spidynamics.com/whitepapers/Blind_SQLInjection.pdf
- http://www.imperva.com/application_defense_center/white_papers/blind_sql_server_injection.html
- SQL Injection Attacks
Tools
- SQL Power Injector
- [Absinthe :: Automated Blind SQL Injection // ver1.3.1
- SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer in Python
- SQLiX - SQL Injection Scanner in Perl
- sqlmap, a blind SQL injection tool in Python
