Difference between revisions of "Talk:Testing for SQL Server"

Jump to: navigation, search
(2 intermediate revisions by 2 users not shown)
(No difference)

Latest revision as of 19:15, 14 December 2008

I think that the timing attack described by Daniel Bleichenbacher is too much of a different nature to be used as an example for the WAITFOR-based injection... Moreover, we should probably change the terminology from "timing attack" to "inferenced attacks" which is the original term used by David Litchfield and is a more general term, encompassing other similar techniques based on error codes and parameter splitting (see his paper in the references) ...what do you guys think ?