
[Repost] Data-Mining With SQL Injection and Inference

Source: http://www.ngssoftware.com/

When drilling for data via SQL injection there are three classes of attack – inband, out-of-band and the relatively unknown inference attack. Inband attacks extract data over the same channel between the client and the web server; for example, results are embedded in a web page via a union select. Out-of-band attacks employ a different communications channel to drill for data by using database mail or HTTP functions, for example. Inference attacks stand alone in the fact that no actual data is transferred – rather, a difference in the way an application behaves can allow an attacker to infer the value of the data. SQL Inference is the subject of this paper; this paper is the paper I promised I’d write after talking about this at the Blackhat Security Briefings in Europe in March of 2005. Better late than never!

Attachment

sqlinference.rar (100 KB)

2005-10-8 03:06, downloads: 37
