I came to the conclusion that the blind SQL injection attack vectors we use are very old and there is a huge room of improvement to make them much faster and more efficient.

I wrote a paper where I documented these optimized injection vectors and it got accepted to Hackfest Quebec, B-Sides Philly and Hack in Paris (which I missed because I was severely jet-lagged and I feel very ashamed to say so).

For a self-explanatory and condensed version of the paper, you can find the slides of the talk HERE.

If you prefer detailed explanations, you can find the paper in .txt format HERE.

The tools are yet to be released. I need to find a decent python compiler so that the tools can compete fairly with sqlmap.

Greetings.

---

Filed under: Hacking,SQL,Web Application Security - @ 2023-08-04 18:01

Tags: injection, optimization, sql, sqli, sqlmap