This week two new papers on blind sql injection have been released. The first paper was released
by Webcohort goes into detail on
how to detect blind sql injection, and how to carry out an attack. The paper released by Spidynamic's
"SPI Labs" covers similar
information, but also contains example 'fixes' for ASP.NET, and JSP applications.
Blind SQL Injection: Are your web applications vulnerable?, September 2003 (PDF)
– spidynamics
Blindfolded SQL Injection, September 2003 (PDF)
– webcohort