Blind SQL Injection, or passing the elephant through the needle hole
blog.securitybalance.com
This SANS Diary entry from Bojan Zdrnja is a very good explanation of how an apparently non-exploitable SQL Injection condition can be used to get important information from the database. Just by looking at one of the sample injected SQL statements you can see how complex a SQL Injection attack can be: