SQL Injection Inference

I never put too much thought into how one mines a database via SQL injection, especially when a web page is designed for only a certain type of output. This paper has quite a bit of information about mining through inference. Much of the paper is directed at MS SQL Server, but there is information about other databases, as inference is a general attack.


One comment

  1. 95% of most pen-testers are relying on SQL injection attacks. Once these are cleaned up, the attack surface will become very, very slim.

