Great (and simple) idea! Further optimization of the side-channel transfer rate could be possible (depending on the victim response times and other factors), so limiting it to 4 bits per query is unnecessary.
Details: http://www.logris.org/security/deep-blind-sql-injection Cheers, Mordred _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/