Blindfolded SQL Injection

[Free CISSP Exam Study Guide] Get expert advice that will help you pass the CISSP exam: sample questions, summaries of all 8 CISSP domains and more!

Until today, exploiting SQL Injection attacks depended on having the Web Server return detailed error messages or having any other source of information. As a result, many security administrators supressed these error messages, assuming this would protect them from SQL Injection exploitation. This white paper shows, however, that supressing the error messages does not provide real protection. The research done at WebCohort reveales a set of techniques that can be easily used by attackers in order to bypass this obstacle, making it clear that more substantial measures must be taken against SQL Injection attacks.

Download the paper in PDF format here.