Blind SQL Injection Discovery And Exploitation Technique
This paper describes a technique to deal with blind SQL injection spot with ASP/ASP.NET applications running with access to XP_CMDSHELL. It is possible to perform a pen test against this scenario by not having any kind of reverse access or display of error message. It can be used in a completely blind environment and successful execution can grant remote command execution on the target application with admin privileges.
Download the paper in PDF format here.