
elsware

This project represents some ideas I've had regarding how to improve blind SQL injection exploitation.

Raw data, extracted using a full 8-bit character set (it could be 7, I guess):

"This is some text! 123! @"
This took 208 queries, or 8 queries per character.

But there's a lot of "data" there that isn't information. Instead, I got this:

"THIS IS SOME TEXT. ###. ."
That took 130 queries, or 5 queries per character. This is 5/8 of the time, bandwidth, and footprint, or almost 40% faster!

You can use this to look for information that seems interesting. The meta characters still tell me about the data: I can see the alphas, the numbers are indicated by '#', and a '.' tells me there is punctuation there.

The next step is to write a "refine" function that takes this data and refines it to its original form. I can leverage what I already know, so that getting precise data takes:

  • 1 query for alphas (to determine case)
  • 4 queries for numbers (4 bits)
  • 5 or 7 queries for everything else, depending on which meta character is in the "scrunched" data.
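As an added illustration (not code from the elsware project), here is a Python model of the "scrunched" encoding and its query budget, using the per-class refinement costs listed above; the 5-query figure for the '.' class is an assumption, since the sample contains no character that needs the 7-query case. The same model tells a defender roughly how few requests such an extraction needs, which is what a request-count threshold has to be tuned against.

```python
# Constructed model of the "scrunched" blind-extraction encoding.
# Character classes and per-class costs follow the page; the cost for the
# '.' class is assumed to be the 5-query case (the 7-query case applies to
# a meta character that does not occur in the page's sample).
import string

FULL_BITS = 8      # one true/false query per bit of a full 8-bit character
SCRUNCH_BITS = 5   # 26 letters + space + '#' + '.' = 29 symbols, fits in 5 bits

# Queries needed to refine one coarse symbol back to the exact character.
REFINE_COST = {"alpha": 1, "digit": 4, "space": 0, "other": 5}


def classify(ch):
    """Map a character to one of the coarse classes the scheme distinguishes."""
    if ch in string.ascii_letters:
        return "alpha"
    if ch in string.digits:
        return "digit"
    if ch == " ":
        return "space"
    return "other"


def scrunch(text):
    """Collapse text into the coarse alphabet: upper-case letters, '#' for
    digits, ' ' kept as-is, '.' for everything else."""
    symbol = {"alpha": str.upper, "digit": lambda _: "#",
              "space": lambda _: " ", "other": lambda _: "."}
    return "".join(symbol[classify(ch)](ch) for ch in text)


def query_costs(text):
    """Return (full_8bit, scrunched_only, scrunched_plus_refine) query counts.

    The third figure is the cost of recovering the exact text in two phases:
    a coarse pass, then refinement of only the symbols that are ambiguous."""
    n = len(text)
    full = n * FULL_BITS
    coarse = n * SCRUNCH_BITS
    refine = sum(REFINE_COST[classify(ch)] for ch in text)
    return full, coarse, coarse + refine


if __name__ == "__main__":
    sample = "Hi 42!"  # constructed sample input
    print(scrunch(sample))
    print(query_costs(sample))
```

Note that for text with few digits and punctuation the two-phase total can come in below a single full 8-bit pass, because each letter costs 5 + 1 queries instead of 8.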
