Automated Blind Sql Exploitation presented at ShmooCon 2005

by Cameron Hotchkies,

Tags: Security SQL

URL : http://web.archive.org/web/20050404000611/www.shmoocon.org/program.html

Summary : Because of improper software design and implementation practices, the number of web-based applications vulnerable to SQL injection is still alarmingly high. Yet the actual steps used to exploit these applications remain very tedious and repetitive. This presentation will focus on methods available to automate the task of exploiting blind sql injection holes and will discuss the use of pattern recognition in the domain of web applications. The audience will be given a tour through the logic used for "Absinthe", the 0x90.org blind injection tool.