Rapid Blind SQL Injection Exploitation with BBQSQL presented at DEF CON 20

by Ben Toews, Scott Behrens,

Summary : Blind SQL injection can be a pain to exploit. When
the available tools work they work well, but when
they dont you have to write something custom.
This is time-consuming and tedious. This talk will
be introducing a new tool called BBQSQL that
attempts to address these concerns. This talk
will start with a brief discussion of SQL Injection
and Blind SQL Injection. It will then segue into
a discussion of how BBQSQL can be useful in
exploiting these vulnerabilities. This talk will
cover how features like evented concurrency and
character frequency based searching can greatly
improve the performance of a SQL Injection
tool. This talk should leave you with enough
knowledge to begin using BBQSQL to simplify
and speed up your application pentests.