Blind SQL injection possible enhancements

[bdamele]

Check and eventually implement new/updated blind sql injection exploitation techniques:

• http://websec.wordpress.com/2011/04/06/blind-sqli-techniques/
• http://websec.ca/blog/view/optimized_blind_sql_injection_data_retrieval
• http://pen-testing.sans.org/blog/2011/10/31/making-blind-sql-injection-more-efficient-new-tool

[stamparm]

This is all snake oil per se. Theoretical minimum for retrieving data through blind injection is Log2n. Other than that is either optimization for chars [A-Za-z0-9] only or author overestimated himself in calculations (I especially like these). As we are targeting general data (e.g. char(int(0)) == 0 which is something not in ranges [97-122] U [65-90] U [48-57]) and UNICODE, Log2n retrieval which we already do is optimal as it gets