hackallthethings

SQL Injection: Timing-Based Extraction PoC Video Demo (verbosity enabled)

by hackallthethings 2016-07-04 02:51:46 UTC
  • Linux / bash / screen
  • 526

Timing-based extraction is a mathematical technique that allows an attacker to exfiltrate multiple bits of data per request on a full-blind injection vulnerability by measuring the remote host's response time.

The verbosity is enabled so that the user can see the request, response time, and mathematical variables involved with such an attack. This technique is fully documented at http://howto.hackallthethings.com/2016/07/extracting-multiple-bits-per-request.html

More by hackallthethings