logo
allArticlesConferencesPresentations

Using binary search algorithms for blind sql injection

Conference:  OWASP 20th Anniversary Event

2021-09-24

Authors:   Juan Pablo Quiñe Paz

Summary

Using binary search algorithms for blind sql injection
  • SQL injection is a common exploitation technique that involves injecting SQL code or logic into input variables to gain access to a database and potentially compromise the entire system
  • One of the main causes of SQL injection is the lack of input filtering controls
  • Firewalls that work in lower layers will not protect against SQL injection attacks
  • Blind SQL injection involves asking the database for a true or false answer and using that to determine the data being asked for
  • Binary search algorithms can be used to make blind SQL injection attacks more efficient
The speaker shares a personal anecdote about using Python scripts to perform blind SQL injection attacks, but finding the process slow and tedious. This led to the idea of using binary search algorithms to make the process more efficient.

Abstract

Abstract:Ever when you started programming, did you ever wonder when will I use this in real life? I remember my first programming courses, where they gave me exercises with techniques that personally I never thought I could apply them to real life, less to the world of pentesting, and running some white box tests, I found a manual blindsqlinjection, but it was very slow, very tedious, and you can imagine, very noisy, so I decided to apply this algorithm to my script finding that all that knowledge was not in vain, but I could apply it in my day to day. This is the story.
Materials:
Tags:
programming
real life
pentesting
white box testing
blindsqlinjection

Post a comment

Related work

All your math are belong to us

Conference:  Defcon 26
Authors:
2018-08-01

No Such Thing as a Stupid Question: Why Knowledge Shaming is Making Us Less Secure

Conference:  BlackHat USA 2021
Authors:
2021-11-11