High Speed Blind SQL injections - Optimization Methods
I came to the conclusion that the blind SQL injection attack vectors we use are very old, slow, and there is a huge room for improvement to make them much faster and efficient.
I spent some time designing new highly optimized SQL injection vectors and I wrote a paper where I documented these vectors. It got accepted to present this research at various conferences such as Hackfest Quebec, B-Sides Philly, BugCON Mexico, DragonJAR Colombia and Hack in Paris (which I missed because I was severely jet-lagged and I feel very ashamed to say so).
For a self-explanatory and condensed version of the paper, you can find the slides of the talk HERE.
If you prefer a thorough explanation, you can find the paper in .txt format HERE.
Greetings.
Filed under: Hacking,SQL,Web Application Security - @ 2023-08-04 18:01
Tags: injection, optimization, sql, sqli, sqlmap