Initialize Injection test is successful

When you are satisfied that Absinthe has been correctly configured to

exploit the vulnerability, you can launch the attack. To do this, go to the DB

Schema tab and select one or more of the available actions: Retrieve Username,

Load Table Info, and Load Field Info.

Absinthe works by replacing the test 

1=1

condition with a huge number of

arbitrary data from it.

For example, if you are targeting the Oracle platform, Absinthe may dis-

cover the first character of the current database user’s username by injecting

values like the following:

admin’ AND (SELECT ASCII(SUBSTR(a.username,1,1)) FROM USER_USERS a WHERE

A.USERNAME = user) = 65

This condition will be true if the first character of the username is A.

Absinthe will detect that it is true because the application’s response is identi-

cal to the original 

1=1

response. By automating a large number of queries,

In fact, rather than iterating through every possible character to find a hit,

Absinthe uses a more sophisticated binary chop technique, which dramatically

reduces the number of requests needed. This involves first testing whether the

queried character is higher than X, which is the middle value in the range of

allowed values. If so, the test is repeated for 1.5X; if not, it is repeated for 0.5X.

For example:

admin’ AND (SELECT ASCII(SUBSTR(a.username,1,1)) FROM USER_USERS a WHERE

A.USERNAME = user) > 19443--

admin’ AND (SELECT ASCII(SUBSTR(a.username,1,1)) FROM USER_USERS a WHERE

A.USERNAME = user) > 9722--

etc...

covered in the smallest possible number of attempts.