Resources & Tools

Resources

• https://portswigger.net/web-security/sql-injection/blind

• https://owasp.org/www-community/attacks/Blind_SQL_Injection

• https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

• See the OWASP code review guide Section A1 https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf

• more Advanced SQL Injection - by NGS

• Blind SQL Injection Automation Techniques - Black Hat Pdf

• Blind Sql-Injection in MySQL Databases

• Cgisecurity.com: What is Blind SQL Injection?

• Kevin Spett from SPI Dynamics:

  • http://www.net-security.org/dl/articles/Blind_SQLInjection.pdf

  • http://www.imperva.com/resources/whitepapers.asp?t=ADC

  • Advanced SQL Injection

• https://dev.mysql.com/doc/refman/8.0/en/select.html

Tools

• SQL Power Injector

• Absinthe :: Automated Blind SQL Injection

• SQLBrute - Multi Threaded Blind SQL Injection Bruteforcer in Python

• SQLiX - SQL Injection Scanner in Perl

• sqlmap, automatic SQL injection tool in Python

• bsqlbf, a blind SQL injection tool in Perl

• Burpsuite