Using binary search algorithms for blind SQL injection


Authors: Juan Pablo Quiñe Paz


  • SQL injection is a common exploitation technique that involves injecting SQL code or logic into input variables to gain access to a database and potentially compromise the entire system
  • One of the main causes of SQL injection is the lack of input filtering controls
  • Firewalls that work in lower layers will not protect against SQL injection attacks
  • Blind SQL injection involves asking the database for a true or false answer and using that to determine the data being asked for
  • Binary search algorithms can be used to make blind SQL injection attacks more efficient
The speaker shares a personal anecdote about using Python scripts to perform blind SQL injection attacks, but finding the process slow and tedious. This led to the idea of using binary search algorithms to make the process more efficient.
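To put numbers on the efficiency claim above, the following added example (not code from the talk or the speaker) compares how many true/false questions a character-by-character scan and a binary search each need to recover the same value. The oracle is a local, in-process stand-in that only counts questions; the class name, function names and the sample secret are assumptions made for illustration.

```python
LOW, HIGH = 32, 126  # printable ASCII range assumed for each character


class BooleanOracle:
    """Local stand-in for a source that answers only true/false; counts questions."""

    def __init__(self, secret):
        self._secret = secret
        self.questions = 0

    def equals(self, pos, code):
        self.questions += 1
        return ord(self._secret[pos]) == code

    def greater_than(self, pos, code):
        self.questions += 1
        return ord(self._secret[pos]) > code


def recover_linear(oracle, length):
    """Ask 'is it this character?' for every candidate in turn."""
    out = []
    for pos in range(length):
        for code in range(LOW, HIGH + 1):
            if oracle.equals(pos, code):
                out.append(chr(code))
                break
    return "".join(out)


def recover_binary(oracle, length):
    """Halve the candidate range with each 'is it greater than mid?' answer."""
    out = []
    for pos in range(length):
        lo, hi = LOW, HIGH
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle.greater_than(pos, mid):
                lo = mid + 1
            else:
                hi = mid
        out.append(chr(lo))
    return "".join(out)


def compare(secret):
    """Return (linear_questions, binary_questions) for the same secret."""
    lin, binr = BooleanOracle(secret), BooleanOracle(secret)
    assert recover_linear(lin, len(secret)) == secret
    assert recover_binary(binr, len(secret)) == secret
    return lin.questions, binr.questions


if __name__ == "__main__":
    print(compare("s3cr3t_Value!"))  # constructed sample value
```

With 95 candidate characters, the binary search needs 6 or 7 questions per character regardless of the value, so request-count alerting sized for character-by-character guessing will see far less traffic from this variant.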


Abstract: When you started programming, did you ever wonder, "When will I use this in real life?" I remember my first programming courses, where they gave me exercises with techniques that I personally never thought I could apply to real life, much less to the world of pentesting. While running some white box tests, I found a manual blind SQL injection, but it was very slow, very tedious and, as you can imagine, very noisy, so I decided to apply this algorithm to my script, finding that all that knowledge was not in vain, but that I could apply it in my day to day. This is the story.