Comments on Regalado (In) Security: Time Based Blind SQL Injection
Blog author: Danux (http://www.blogger.com/profile/06729243424924753220)
7 comments, listed oldest first.

MH (https://www.blogger.com/profile/06767780625221963436), 2012-03-12 23:07 (-07:00):
Hi.

You should check out "Its all about the timing" from BlackHat 2007 (https://www.blackhat.com/presentations/bh-usa-07/Meer_and_Slaviero/Whitepaper/bh-usa-07-meer_and_slaviero-WP.pdf).

Danux (https://www.blogger.com/profile/06729243424924753220), 2012-03-13 13:38 (-07:00):
Thanks bro for the reference.

Shankar Arjunan (https://www.blogger.com/profile/05350518736028723786), 2012-03-13 19:05 (-07:00):
Good information on SQLi, and thanks MH for the link reference.

Miroslav Štampar (https://www.blogger.com/profile/06511965436268173271), 2012-03-22 03:11 (-07:00):
This is not true for sqlmap: "the TAB (%09) trick is not handled by them and therefore all my injections were being rejected".
There is a mechanism called tampering scripts (switch --tamper), and in your case you could just use --tamper=space2randomblank (take a look into the ./sqlmap/tamper directory for more tampering scripts besides this space2randomblank.py one).

Danux (https://www.blogger.com/profile/06729243424924753220), 2012-03-22 09:56 (-07:00):
Thanks Miroslav for sharing this. I will definitely check the --tamper option. By the way, do you know if SQLNinja has something similar?

Anonymous, 2012-04-03 23:27 (-07:00):
But if you have all whitespace stripped out, then you can use /**/ instead of a space (at least when MySQL is used).
SELECT/**/some_id,some_field/**/FROM/**/some_table/**/WHERE/**/some_field=some_value

Danux (https://www.blogger.com/profile/06729243424924753220), 2012-04-04 22:47 (-07:00):
That is true, but in this case it is MSSQL, so the /**/ trick does not work. But good to know when dealing with MySQL. Thanks.