Secrets of Exploiting Blind SQL Injection

  • Wednesday, 30 Apr 2014 1:00PM EDT (30 Apr 2014 17:00 UTC)
  • Speaker: Justin Searle
Join us for a follow-up to the "Secrets of Exploiting" series, a series of webcasts giving you sneak peeks into one of the hottest new SANS classes, SEC642: Advanced Web App Penetration Testing and Ethical Hacking. In this webcast, we'll take a deeper look at how to exploit blind SQL injection vulnerabilities. Since blind SQL vulnerabilities do not inherently return data from the database, we have to find other ways to retrieve the data we want. This webcast will discuss how we can overcome these limitations through four different exfiltration methods, including single line retrieval, error messages, boolean indicators, and attacker-controlled timing delays. More importantly, we'll show you how this can be done automatically with sqlmap so you don't have to become a DBA to launch these types of attacks.