
Wait, this is known as a blind SQLi, and it's not so blind. You can still use timing to get the info you need one bit at a time. This may be slow, but it's doable without triggering any DB errors, so you have time.
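A defender's view of the timing channel described above, as an added example that is not part of the thread: since the technique raises no DB errors, detection has to key on delay primitives in request parameters together with response time. The log format, addresses, paths and the 2-second threshold are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Delay primitives of common SQL dialects (MySQL, PostgreSQL, SQL Server, Oracle).
DELAY_RE = re.compile(
    r"\b(sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b|\bdbms_lock\.sleep\b",
    re.IGNORECASE,
)

# Constructed sample lines: client address, request target, response time in seconds.
SAMPLE_LOG = """\
203.0.113.7 /item?id=42 0.031
203.0.113.7 /item?id=42%20AND%20SLEEP(3) 3.044
203.0.113.7 /order?id=42%3BWAITFOR%20DELAY%20%270:0:3%27 0.027
198.51.100.9 /search?q=how+to+sleep+better 0.045
198.51.100.9 /report?year=2023 4.870
"""


def triage(log_text, slow_seconds=2.0):
    """Return (client, path, verdict) for each request carrying a delay primitive.

    "executed": the response was slow enough that the delay probably ran, so
                the endpoint is likely injectable and needs fixing first.
    "probe":    the delay text arrived but the response was fast, so the input
                was most likely handled as data (for example, bound as a parameter).
    """
    findings = []
    for line in log_text.splitlines():
        client, target, elapsed = line.split()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded payloads are matched too.
        values = [v for _, v in parse_qsl(parts.query, keep_blank_values=True)]
        if not any(DELAY_RE.search(v) for v in values):
            continue  # a slow response alone (e.g. /report) is not evidence
        verdict = "executed" if float(elapsed) >= slow_seconds else "probe"
        findings.append((client, parts.path, verdict))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
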


People come up with the darndest things.


Yeah, it's a cool trick and not obvious. I think when I said SQL injection gets you the schema, I was recalling some faint old memory from a security course without remembering why this is doable.



