Time-Based Blind SQL Injection with Heavy Queries
Chema Alonso sent me a link to this Microsoft paper, which is based on his PhD thesis. It explores how to exploit time-based SQL injection on any database backend without the use of the usual “delay functions” like waitfor delay, benchmark, DBMS_LOCK, etc. Well worth a read.