- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,456
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
SQL Blind Injection Tool
A script for automatizing boolean-based blind SQL injections.
Works with SQLite at least supports using cookies.
It uses bitwise comparisons with multithreading to find cell values instead of binary search, which is more efficient.
It’s able to:
Search cell values by columns in a table
Search characters count in a cell by columns in a table
Search rows count in a table
The search algorithm is shown below.
Knowing the name of its column (‘sqlite_master’ by default in sqlite, for example) and the column name of it (‘name’ in sqlite) you can find values of every cell in every row. And the fastest algorithm for this is checking the binary values of every character in every cell, which can be performed using multiple threads. Considering this, we can send only 7 requests to get the standard 7-bit letter, and using 1000 threads, we get ~142 letters per moment (it’s also worth keeping in mind requests to get the length of a cell value).