Time-Based Blind SQL Injection with Heavy Queries

Chema Alonso sent me a link to this Microsoft paper which is based on his PhD thesis. It explores how to exploit time-based SQL injection on any database backend without the use of usual “delay functions” like waitfor delay, benchmark, DBMS_LOCK, etc. Well worth a read.